Hi Russell,

Russell Coker <russell@coker.com.au> (2017-11-05):
> Package: debian-installer
> Severity: minor
>
> https://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/amd64/iso-cd/
>
> I just did an install from the image downloaded from the above URL using
> debootstrap. I'm not sure if this bug applies to debian-installer,
> debootstrap, or both.
>
> When I installed it the /etc/nsswitch.conf file had the following entries:
> passwd: compat
> group: compat
> shadow: compat
>
> According to nsswitch.conf(5) the "compat" line is to enable entries that
> start with "+" or "-" for special NIS operations.
>
> The benefit in having compat as the default is minor even for the tiny minority
> of users who have NIS enabled. Putting in compat entries in /etc/nsswitch.conf
> is a tiny part of the work required to enable NIS. I don't think that people
> who use NIS would find it an inconvenience to have "files" as the default.
>
> Currently we are having a discussion on the SE Linux policy mailing list about
> the permission for memory mapping files. /lib/libnss_compat.so.X needs to
> map them which means that most domains need map access to etc_t while
> /lib/libnss_files.so.X doesn't map them and doesn't need such access.
>
> By default I advocate for changing SE Linux policy rather than changing system
> configuration. But in this case I can't see any downside in making the default
> to use "files". Having less complex parsing of those files seems like a good
> benefit too. As a general rule less complex code will tend to have fewer
> security issues.

kibi@armor:~$ grep /etc/nsswitch.conf /var/lib/dpkg/info/*postinst
/var/lib/dpkg/info/libc-bin.postinst: install_from_default /usr/share/libc-bin/nsswitch.conf /etc/nsswitch.conf
/var/lib/dpkg/info/libc-bin.postinst: update_to_current_default /usr/share/libc-bin/nsswitch.conf /etc/nsswitch.conf

so either reassign your bug report against the proper glibc package, or
close this one, and open a new one there?

KiBi.
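
Added example, not part of the original message or of any Debian package: a Python check that finds which account databases in nsswitch.conf use "compat" and lists any lines starting with "+" or "-" in the matching files, the entries the report says compat exists for. The function names and sample file contents are constructed for illustration.

```python
import re

ACCOUNT_DBS = ("passwd", "group", "shadow")

# Constructed sample matching the entries quoted in the report.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf
passwd:         compat
group:          compat
shadow:         compat
hosts:          files mdns4_minimal [NOTFOUND=return] dns
"""

# Constructed account files; the "+::::::" line is a NIS include-all entry.
SAMPLE_FILES = {
    "passwd": "root:x:0:0:root:/root:/bin/bash\n+::::::\n",
    "group": "root:x:0:\n",
    "shadow": "root:*:17475:0:99999:7:::\n",
}

def parse_nsswitch(text):
    """Map each database name to its list of sources and [action] items."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if ":" not in line:
            continue
        db, _, rest = line.partition(":")
        conf[db.strip()] = re.findall(r"\[[^\]]*\]|\S+", rest)
    return conf

def compat_databases(conf):
    """Account databases whose lookup order includes the compat service."""
    return [db for db in ACCOUNT_DBS if "compat" in conf.get(db, [])]

def audit(nsswitch_text, account_files):
    """For each compat database, list the +/- lines only compat interprets."""
    conf = parse_nsswitch(nsswitch_text)
    return {
        db: [l for l in account_files.get(db, "").splitlines()
             if l.startswith(("+", "-"))]
        for db in compat_databases(conf)
    }

if __name__ == "__main__":
    for db, special in audit(SAMPLE_NSSWITCH, SAMPLE_FILES).items():
        print(db, "needs compat:" if special else "no +/- entries", special)
```

An empty list for a database means no line in that file uses the "+"/"-" syntax.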