Fwd: Re: [cyrusimap/cyrus-sasl] PAM auth causes segfault for unknown reason (#547)

jan parcel jan.parcel at oracle.com
Mon Dec 10 14:46:24 EST 2018 

We have seen severe mutex issues with sasl_client init on super-fast 
machines.    We temporarily solved it by patching openldap to ensure it 
never calls sasl_client_init more than once,  but when I get out from 
under my current non-cyrus-sasl load, I had planned to test and submit 
changes to sasl_*_init to use a static mutext that is pre-initialized, 
which is what I found online as the solution for LIBRARY issues with 
passed in or even local mutexts.

The issue is that the mutex needs a mutex, which needs a mutex, and it's 
turtles all the way down unless a static mutex is used at that top level.

For some reason I have not understood, I've been told to not even THINK 
of doing anything like that to the mutexes used in gssapi.


On 12/10/2018 7:53 AM, Alexander Sagen wrote:
>
> Trying to set up a temporary shared email server to replace an old 
> server with a dying disk while we move all our customers to a new 
> email solution. Configured saslauthd the same way it was configured on 
> the old server.
>
> Somehow, during the authentication process, saslauthd manages to 
> segfault, seemingly due to a mutex lock issue.
>
> Installed latest sasl2-bin (version 2.1.27) from APT (source: 
> http://eu-central-1.ec2.archive.ubuntu.com/ubuntu bionic/main amd64 
> Packages).
>
> Running linux kernel 4.15.0-1021-aws.
>
> gdb output during crash:
>
> |root at mail1:~# gdb --args /usr/sbin/saslauthd -a pam -c -m 
> /var/spool/postfix/var/run/saslauthd -r -n 0 -d GNU gdb (Ubuntu 
> 8.1-0ubuntu3) 8.1.0.20180409-git Copyright (C) 2018 Free Software 
> Foundation, Inc. License GPLv3+: GNU GPL version 3 or later 
> <http://gnu.org/licenses/gpl.html> This is free software: you are free 
> to change and redistribute it. There is NO WARRANTY, to the extent 
> permitted by law. Type "show copying" and "show warranty" for details. 
> This GDB was configured as "x86_64-linux-gnu". Type "show 
> configuration" for configuration details. For bug reporting 
> instructions, please see: <http://www.gnu.org/software/gdb/bugs/>. 
> Find the GDB manual and other documentation resources online at: 
> <http://www.gnu.org/software/gdb/documentation/>. For help, type 
> "help". Type "apropos word" to search for commands related to 
> "word"... Reading symbols from /usr/sbin/saslauthd...(no debugging 
> symbols found)...done. (gdb) run Starting program: /usr/sbin/saslauthd 
> -a pam -c -m /var/spool/postfix/var/run/saslauthd -r -n 0 -d [Thread 
> debugging using libthread_db enabled] Using host libthread_db library 
> "/lib/x86_64-linux-gnu/libthread_db.so.1". saslauthd[4767] :num_procs 
> : 0 saslauthd[4767] :mech_option: NULL saslauthd[4767] :run_path : 
> /var/spool/postfix/var/run/saslauthd saslauthd[4767] :auth_mech : pam 
> saslauthd[4767] :mmaped shared memory segment on file: 
> /var/spool/postfix/var/run/saslauthd/cache.mmap saslauthd[4767] 
> :bucket size: 96 bytes saslauthd[4767] :stats size : 36 bytes 
> saslauthd[4767] :timeout : 28800 seconds saslauthd[4767] :cache table: 
> 985828 total bytes saslauthd[4767] :cache table: 1711 slots 
> saslauthd[4767] :cache table: 10266 buckets saslauthd[4767] :flock 
> file opened at /var/spool/postfix/var/run/saslauthd/cache.flock 
> saslauthd[4767] :master pid is: 0 saslauthd[4767] :listening on 
> socket: /var/spool/postfix/var/run/saslauthd/mux saslauthd[4767] 
> :attempting a read lock on slot: 1501 saslauthd[4767] 
> :[login=someuser at example.com] [service=smtp] [realm=example.com]: not 
> found, update pending saslauthd[4767] :attempting to release lock on 
> slot: 1501 Program received signal SIGSEGV, Segmentation fault. 
> __GI___pthread_mutex_lock (mutex=0x20) at 
> ../nptl/pthread_mutex_lock.c:65 65 ../nptl/pthread_mutex_lock.c: No 
> such file or directory. (gdb) |
>
> saslauthd configuration:
>
> |START=yes DESC="SASL Authentication Daemon" NAME="saslauthd" 
> MECHANISMS="pam" MECH_OPTIONS="" THREADS=0 OPTIONS="-c -m 
> /var/spool/postfix/var/run/saslauthd -r" |
>
>> You are receiving this because you are subscribed to this thread.
> Reply to this email directly, view it on GitHub 
> <https://github.com/cyrusimap/cyrus-sasl/issues/547>, or mute the 
> thread 
> <https://github.com/notifications/unsubscribe-auth/AWZUI0ZGTgvWKrnlTVe7ITW3y_TJIodyks5u3oOXgaJpZM4ZLpVt>.
>

-- 
Jan Parcel, Software Developer
Oracle Systems Server & Cloud Engineering

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.andrew.cmu.edu/pipermail/cyrus-devel/attachments/20181210/30a3422a/attachment.html>

More information about the Cyrus-devel mailing list