Patch-ID# 101620-01 Keywords: keyserve descriptor security Synopsis: SunOS 5.3: keyserv has a file descriptor leak Date: May/05/94 Solaris Release: 2.3 SunOS release: 5.3 Unbundled Product: Unbundled Release: Topic: SunOS 5.3: keyserv has a file descriptor leak BugId's fixed with this patch: 1156333 Changes incorporated in this version: Relevant Architectures: sparc Patches accumulated and obsoleted by this patch: Patches which conflict with this patch: Patches required with this patch: Obsoleted by: Files included with this patch: /usr/sbin/keyserv Problem Description: 1156333 keyserv has a file descriptor leak. keyserv runs out file descriptors. The client-side to keyserv (in libnsl) caches one client handle/per process thread. It tries to use COTS_ORD as the loopback transport to talk to keyserv - which means that keyserv will have an open fd for every client handle that is cached (and using COTS/COTS_ORD transport). Now, every nis+ lookup requires at least one rpc call to keyserv (two if the session key is not already established); this means all the getXXbyYY calls made by csh, sendmail, nis_cachemgr, .... (almost all the processes running on the server). So, we need to increase the fd limit (currently 64) to the maximum allowed (1024). Patch Installation Instructions: -------------------------------- Generic 'installpatch' and 'backoutpatch' scripts are provided within each patch package with instructions appended to this section. Other specific or unique installation instructions may also be necessary and should be described below. Special Install Instructions: ----------------------------- none