lists.arthurdejong.org
RSS feed

Re: [nssldap] release 0.2 of nss-ldapd

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: [nssldap] release 0.2 of nss-ldapd

Howard Chu wrote:

Andreas Hasenack wrote:

...


- one also doesn't have to worry about filedescriptors from the
  application, like closing the wrong ones, etc
That seems like the main point of having a daemonised nss_ldap to me. The current in-process implementation has side effects. Some things are unavoidably shared with the calling application: file descriptors and signal handling are the two most obvious ones. The file descriptor issue is currently handled reasonably well I think, but it's definitely ugly.
I think signal handling is still broken though. nss_ldap sets the SIGPIPE handler to SIG_IGN on entry to an nss_ldap API call, and restores it just before exit. While there's a mutex to stop other threads from calling the nss_ldap API while this is happening, there's nothing to stop another thread from setting the signal handler via any other code path while nss_ldap is in flight. This can easily result in nss_ldap stomping on an installed signal handler when it restores the signal handler saved on entry.
Depends on your communication method with the daemon. That IPC is still vulnerable.
Ideally the connection could be set up and torn down on each nss_ldap API call. I haven't timed unix domain sockets, but presumably they're much quicker to connect and close than TCP across a network. Even if they're too slow and some sort of shared memory were used instead, there's a difference between the code being vulnerable to, say, stray pointers and the current situation where nss_ldap is modifying state that is defined to be global to the process (signal handlers, file descriptors).
e.g. If I wrote some application that broke the proposed daemonised nss_ldap because a stray pointer of mine wrote garbage into nss_ldap's shared memory buffer, I'd say it was my fault. If I wrote an application that installs a signal handler, and the current nss_ldap stomps on it as a side effect, I'd say it's nss_ldap's fault.
(Having said that, I think the current signal handling could be fixed by blocking SIGPIPE with pthread_sigmask() and then "soaking up" any pending SIGPIPEs before return with sigwait()) 

cheers
David.
--
   David.Houlder@anu.edu.au         ANU Supercomputer Facility
   Phone: +61 2 6125 0578           and APAC National Facility
   Fax:   +61 2 6125 8199           Leonard Huxley Bldg (No. 56)
                                    Australian National University
                                    Canberra, ACT, 0200, Australia