Re: Last NSS commit is very dangerous

From: Jacques A. Vidrine <nectar_at_FreeBSD.org>
Date: Thu, 1 Apr 2004 10:32:58 -0600

On Thu, Apr 01, 2004 at 08:04:31PM +0400, Andrey Chernov wrote:
> On Wed, Mar 31, 2004 at 12:39:21PM -0600, Jacques A. Vidrine wrote:
> > I'd really like DETAILS from anyone else encountering any difficulties
> > after yesterday's NSS commit.  I have so far been unable to reproduce
> > the issue, nor has the patch submitter been able to reproduce it.
> 
> I found the exact reason (which also explains why nobody has been
> hit yet). Somehow, while editing my /etc/nsswitch.conf, its access mode became
> 0600 while owned by root, i.e. no access from user programs. It
> immediately causes the bugs I described.

Thank you very much for investigating further!

> But the previous NSS variant can handle this unreadable
> /etc/nsswitch.conf nicely, probably using defaults.

I believe you are mistaken.  Are you 100% certain that revision 1.10 of
nsdispatch.c falls back to defaults if /etc/nsswitch.conf exists but is
unreadable?  I believe that in this case, the result has always been to
return NS_UNAVAIL for all nsdispatch() requests.

> I think the new variant should be fixed to do the same.

I believe that the ``new variant'' behaves exactly as it has since
before 5.2-RELEASE in this case.

> An unreadable /etc/nsswitch.conf is not enough reason to stop working.

``unreadable /etc/nsswitch.conf'' is a different situation than ``no
/etc/nsswitch.conf''.  The latter means ``gimme the defaults''.  The
former means ``disable NSS''.

I'm willing to listen to arguments that these two situations should be
treated exactly the same.

Cheers,
-- 
Jacques Vidrine / nectar_at_celabo.org / jvidrine_at_verio.net / nectar_at_freebsd.org
Received on Thu Apr 01 2004 - 06:32:59 UTC
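
The distinction the reply above draws between a missing and an unreadable /etc/nsswitch.conf, as an added example that is not part of the original message and is not FreeBSD's nsdispatch.c: it classifies the file as the calling process sees it and, for use as root, checks whether unprivileged programs could read it (the 0600 case reported above). All function and enum names are hypothetical, and requiring world-readability (S_IROTH) is an assumed criterion.

```c
/* Added example: hypothetical names, not code from FreeBSD's nsdispatch.c. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

enum conf_state {
    CONF_MISSING,    /* no file: per the reply, callers get the defaults */
    CONF_UNREADABLE, /* file exists but cannot be read: NSS is disabled */
    CONF_READABLE    /* file can be opened and parsed */
};

/* Only "no such file" selects the defaults; any other failure fails closed. */
enum conf_state state_from_errno(int err)
{
    return (err == ENOENT) ? CONF_MISSING : CONF_UNREADABLE;
}

/* What the calling process itself sees when it opens the file. */
enum conf_state probe_as_caller(const char *path)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return state_from_errno(errno);
    close(fd);
    return CONF_READABLE;
}

/* Audit usable from root, which can always open the file: would ordinary
 * user programs be locked out? Assumption: the file has to be world-readable
 * (S_IROTH); group membership and ACLs are not considered. */
enum conf_state audit_for_users(const char *path)
{
    struct stat st;
    if (stat(path, &st) != 0)
        return state_from_errno(errno);
    return (st.st_mode & S_IROTH) ? CONF_READABLE : CONF_UNREADABLE;
}

int main(int argc, char **argv)
{
    static const char *label[] = { "missing (defaults)", "unreadable (NSS disabled)", "readable" };
    const char *path = (argc > 1) ? argv[1] : "/etc/nsswitch.conf";
    printf("%s: caller sees %s, unprivileged users see %s\n", path,
           label[probe_as_caller(path)], label[audit_for_users(path)]);
    return 0;
}
```

Run as root, the two results differ for a 0600 root-owned file: the caller can read it while the audit reports it as unreadable for user programs.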