[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapcat kills slapadd

To: Peter Mogensen <apm@mutex.dk>
Subject: Re: slapcat kills slapadd
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Wed, 18 Nov 2009 08:59:02 -0800
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <4B0425F3.7090406@mutex.dk>
References: <4B03EA1E.8010509@mutex.dk> <76670FD37ABE43BE47C7E405@STONEKING-LM.CORP.YAHOO.COM> <4B0425F3.7090406@mutex.dk>



--On November 18, 2009 5:50:59 PM +0100 Peter Mogensen <apm@mutex.dk> wrote:


Yes...
Knowing that I would have expected slapcat to fail/crash.

I think you're missing the point. *slapadd* with -q expects no other toolsto be touching its environment. It makes perfect sense to me that itcrashed.

But I wouldn't expect slapadd to crash to - being the first to open the
BDB environment.
If any slapadd can be crashed by any user/shell executing slapcat (with
write perms to the dir), then it can be difficult to protect an long
running (hours) slapadd from being crashed by accident.

I'd suggest then not allowing random users to slapcat your directory. Andif you have processes that run slapcat, then set that up in a shell scriptwith protections, like you touch a file called /etc/noslapcat and if thatexists, then your process will exit without running slapcat.



--Quanah

--

Quanah Gibson-Mount
Principal Software Engineer
Zimbra, Inc
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- slapcat kills slapadd
  - From: Peter Mogensen <apm@mutex.dk>
- Re: slapcat kills slapadd
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: slapcat kills slapadd
  - From: Peter Mogensen <apm@mutex.dk>

Prev by Date: Re: slapcat kills slapadd
Next by Date: Re: Issues with SSL/TLS + GSSAPI when modifying uniqueMember attribute (bug???)
Index(es):
- Chronological
- Thread