On Sat, Nov 20, 2010 at 03:33:31PM -0500, Simo Sorce wrote:
Had some spare time today and wanted to fix this issue.
The attached patch instruments nss and pam clients to use a pthread mutex to prevent multiple threads from stomping on each other.
The patch is quite simple and basic testing seem to show no issues. It may be worth of back-porting to older versions.
I think the mutexes cover too much code here, especially for PAM. The PAM client does not use any global variables except the file handle to to PAM responder of sssd. I would be enough to just protect the I/O to sssd with the mutex to avoid other threads getting the response of a request from a different thread. I here I would suggest that we reduce the socket timeout considerably to avoid long delays if a request gets stuck in sssd. We might be able to avoid mutexes here completely by introducing request ids, but this can be seen as an enhancement for a future version.
Protecting a whole PAM task like authentication with a mutex can lead to DOS situation when a user logs into a threaded application with his username but "forgets" to enter his password immediately because the phone is ringing.
For NSS it might also be sufficient to protect the I/O to sssd. Netgroups do not use a global variable to save the context and for passwd and groups I think the global variables are not really protected. E.g. while one thread is running a loop with getpwent() calls a second thread can sneak in between in the calls and call setpwent() and resets the global variable.
bye, Sumit
Simo.
-- Simo Sorce * Red Hat, Inc * New York