cyrus-imapd/sasl on MacOS X 10.3.8: hang

Charles Bailey bailey.charles at
Mon May 2 11:01:11 EDT 2005

> There are known issues with the latest sec updates from Apple and
> SASL. I have not had the opportunity to look into the nature of those
> issues but they're widely reported, even with the second replacement
> update that Apple issued after the first one was recalled.
> If you've installed any recent sec updates I'd restore from backup.
> Anything that triggers a libc lookup tends to hang, as you have
> observed. This is due to a problem with lookupd, which services libc
> lookups. It is not clear to me whether this contributes to or causes
> the issue seen in SASL authentication; as I've said I haven't
> explored the issue, and there is a complex set of interdependencies
> among DirectoryService, libc, lookupd, SASL, SecurityServer, PAM, etc
> etc etc.

OK, to no-one's real surprise (including my own), if I rebuild Cyrus
SASL without GSSAPI, LDAP, or PAM support and run Cyrus IMAPD and
Sendmail against it, using sasldb for authentication, all is well. 
(It's run clean for several days longer than any of the previous

I think we're on stable ground now, but I'm still uneasy walking away
from this, as it seems there's a simple-to-exploit DoS bug living in
OS X somewhere, which it seems unfriendly to ignore.  I haven't
really had a chance to delve into the source and figure out why
saslauthd-pam/imapd (and possibly saslauthd-pam/sendmail) locks up the
system while things like sshd-pam do not, if in fact PAM's the
culprit.  Do any other obvious lines of investigation occur to folks
out there?  Is there a mechanism by which an outside user can file a
bug report with Apple?  (Perhaps the darwin-dev list works?)  Is there
a better forum in which to ask?


Charles Bailey
Lists: bailey _dot_ charles _at_ gmail _dot_ com
Other: bailey _at_ newman _dot_ upenn _dot_ edu

