KDC segmentation fault on krb5kdc

Abhilash S abhilashvkm at gmail.com
Wed Nov 28 13:02:28 EST 2012


Hello Greg,

Thanks for the update!
It looks like an upgrade to the 1.10.X version will help.

A few clarifications:
>> child KDC process dies, the master process kills all of the other child processes and exits

I saw this issue in the last few occurrences, where the process hangs when a child
process gets a segmentation fault.
Does any network/system setting trigger this?
We are running under Linux (2.6.32-300.4.1.el5uek, Architecture: amd64).

We need to understand whether there is any specific scenario/test case where the null
pointer dereference vulnerability in krb5 will trigger. (We didn't see this
issue earlier.)

Thanks,
Abhilash

On Wed, Nov 28, 2012 at 9:41 AM, Abhilash S <abhilashvkm at gmail.com> wrote:

>
>
> ---------- Forwarded message ----------
> From: Greg Hudson <ghudson at mit.edu>
> Date: Wed, Nov 28, 2012 at 8:26 AM
> Subject: Re: KDC segmentation fault on krb5kdc
> To: Abhilash S <abhilashvkm at gmail.com>
> Cc: krbdev at mit.edu
>
>
> On 11/27/2012 01:34 PM, Abhilash S wrote:
> > we are running krb5 in thread option (krb5kdc -w 4)
>
> The krb5kdc -w flag does not use threads, just processes.
>
> > sometimes child process hangs without a clean shutdown and we need to
> > manually kill the hanging process
>
> Having to manually kill KDC processes after a child process crashes is
> unexpected.  The intention (which holds true in my tests) is that if any
> child KDC process dies, the master process kills all of the other child
> processes and exits.  From the log messages you quote, it looks like the
> master process was at least beginning to do that.
>
> > From syslog we saw a segmentation fault on krb5kdc
> >  kernel: krb5kdc[18176]: segfault at 0 ip 0000000000407781 sp
> > 00007fff250d0ca0 error 4 in krb5kdc[400000+1b000]
> >
> > Is there any issue in running KDC in multithread model ?
>
> I'm not aware of any issues specific to the krb5kdc worker process
> feature.  I am aware of a null pointer dereference vulnerability in krb5
> 1.9.2, however, which is fixed in later releases (1.9.4 or 1.10.x).



-- 
Thanks & Regards,

Abhilash.S
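
Added example, not part of the original thread or of the krb5 code: a small parser for the kernel segfault line quoted in the message, decoding the x86 page-fault error code and the offset of the faulting instruction inside the mapping. The 64 KiB null-page threshold and all function and field names are assumptions made for illustration.

```python
import re

# Kernel line quoted in the thread (wrapped by the archive; joined here).
SAMPLE = ("kernel: krb5kdc[18176]: segfault at 0 ip 0000000000407781 sp "
          "00007fff250d0ca0 error 4 in krb5kdc[400000+1b000]")

SEGV_RE = re.compile(
    r"(?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp (?P<sp>[0-9a-f]+) error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>[^\[\s]+)\[(?P<base>[0-9a-f]+)\+(?P<size>[0-9a-f]+)\])?")

NULL_PAGE_LIMIT = 0x10000  # assumption: treat faults below 64 KiB as NULL-based


def parse_segfault(line):
    """Decode one x86 'segfault at' kernel log line; None if it does not match."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m.group(k), 16) for k in ("addr", "ip", "err"))
    # x86 page-fault error code bits: 0x1 present, 0x2 write, 0x4 user, 0x10 fetch
    if err & 0x10:
        access = "exec"
    elif err & 0x2:
        access = "write"
    else:
        access = "read"
    offset = None
    if m.group("base"):
        base, size = int(m.group("base"), 16), int(m.group("size"), 16)
        if base <= ip < base + size:
            offset = ip - base  # position of the faulting instruction in the mapping
    return {
        "comm": m.group("comm"), "pid": int(m.group("pid")),
        "fault_addr": addr, "ip": ip, "object": m.group("obj"), "offset": offset,
        "access": access, "user_mode": bool(err & 0x4),
        "page_present": bool(err & 0x1),
        "null_deref_likely": addr < NULL_PAGE_LIMIT and not err & 0x1,
    }


if __name__ == "__main__":
    for key, value in parse_segfault(SAMPLE).items():
        print(f"{key:18} {value}")
```

For the quoted line this decodes to a user-mode read of an unmapped page at address 0, with the faulting instruction 0x7781 bytes into the krb5kdc mapping itself rather than in a shared library.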

