SUMMARY: rpc.ttserverd pegs CPU and prevents CDE login

From: Gerhard den Hollander (gerhard@james.jason.nl)
Date: Wed Jun 23 1999 - 01:49:45 CDT


Original question:

|
| We've got a bunch of systems (suns) using the CDE,
| on one machine (a UE450) the rpc.ttserverd started pegging the cpu
| PID USERNAME THR PRI NICE SIZE RES STATE TIME CPU COMMAND
| 776 root 1 -25 0 2920K 1216K cpu/1 20.3H 48.55% rpc.ttdbserverd
|
| as a result of which, no users were able to log in through the CDE anymore
| (not just to that system, but to every system networked to this system).
| [except for the superuser].
|
| Note, the above is for a 2CPU system, so the rpc.ttserverd was eating 97.1
| % of one of those CPUs
|
| It took me a while (and a lot of frustrated users banging down my door)
| before I nailed the problem to the rpc.ttdbserverd on the UE450.
|
| After I killed the process all users could log in again.
|
| Questions:
|
| 1) How can this happen ?
| 2) How can I prevent it from happening ?
| 3) what kind of totally ass backward design decision was this &%@&#@$
| that allows one process on one machine to go haywire in such a way that
| it effectively renders an entire network useless.

Dave Foster replied
(Roger Fujii gave a similar reply)

| This is actually a bug, and the problem is caused by a corrupted TT_DB
| database. These directories are created at each mount point as needed.
| The solution is to completely remove (rm -rf) these directories:
|
| find / -name "TT_DB" -exec rm -rf {} \;
|
| and stop/start the rpc.ttserverdb daemon.

The TT_DB can get corrupted if X/CDE crashes .. given the fun we're still
having with our U10s and OGL we have to powercycle them regularily, so that
might explain it ...

Other people (Rob Allan, Nadya Williams )
recommened the following
| I commented out this service in /etc/inetd.conf. Now I have no messages about
| TT_DB tables/problems, and no CPU overuse. No adverse effect form not running
| rpc.ttdbserverd either. Another argument in favor of shutting it down is that
| there exists exploit that uses rpc.tdbserverd, and some unpatched systems are
| vulnerable to it.

which is what I did .. it's running fine now, and I haven't noticed any
missing functionality from not running this service ..

        Gerhard, (@jasongeo.com) == The Acoustic Motorbiker ==
 --
   __0 1 day I'll just sit & watch it turn
 =`\<, I'll ride my bicycle to work
(=)/(=) I'll forget everything I ever learned
        Forget to hit, forget to hurt



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:22 CDT