Arch Linux

Description:

With the latest krb5 bump from 1.10.x to 1.11, both Firefox and Chrome browsers break in combination with an HTTP proxy. For each browser proxy request a number (4?) of file descriptors are leaked. This will continue until the browser process has too many files open which will render both Firefox and Chrome unusable. They both stop loading internet pages. Firefox will also stop rendering fonts completely, even the user interface may degrade, where the tabs and menu's also don't show any fonts anymore.

I started noticing strange behavior with Firefox early this year. Both myself and a colleague have this issue on both i686 (my system) and x86_64 (colleague system). We've gone through great lengths figuring out what was going on, and ruled out anything else. Downgrading krb5 to 1.10.3-1 solves the issue.

It has something to do with the Kerberos credentials cache (the krb5cc_... file in /run/user), because another colleague using XFCE does not have this problem, because the credentials cache is not created at all for his system. The systems with the issue are running Gnome 3.

Another workaround is rm'ing the credentials cache directory before starting either Chrome or Firefox.

I've flagged this bug report as being critical as this issue basically renders your browser almost unusable, because each time after some 30 minutes of browsing so many file descriptors have leaked that crashes the browser. Although downgrading to krb5-1.10.3-1 makes my browser usable again.


Steps to reproduce:

Install Firefox and krb5 1.11. Configure a HTTP proxy. Browse to a few websites. Check lsof on /run/user/<userid>/krb5cc_<uuid> for handles from Firefox, and you will see the number increase with each proxy request.