
Re: perl or libc6 bug?: getpwnam('root') in NIS environment



>>>>> "Heiko" == Heiko Schlittermann <heiko@datom.de> writes:
    Heiko>     #! /usr/bin/perl
    Heiko>     print((getpwnam('root'))[1], "\n");

    Heiko> returns the root encrypted password from the NIS server's
    Heiko> /etc/shadow ...!!

    Heiko>     /etc/nsswitch reads as:
    Heiko>         passwd: files nis #compat
    Heiko>         group:  files nis #compat
    Heiko>         shadow: files nis #compat

    Heiko> And root is in /etc/{passwd,shadow} on the local host.

As the (probable) author of the patch to perl that provides this
functionality, my answer is yes & no.

An unpatched perl knows nothing at all about getsp*, nor /etc/shadow.
Therefore you'll never get anything in the passwd field except what
the getpwnam call places there, from /etc/passwd or wherever it finds
things.

A patched perl performs a getspnam call as part of perl's getpwnam
call.  This will work iff you have sufficient privileges, as you would
expect, otherwise you get 'undef' for that value.

Therefore, there are three possible scenarios and none of them involve
perl (directly).

1) perl isn't patched and getpwnam is broken.
2) perl is patched and getspnam is broken.
3) perl is patched and nothing is broken.

My money's on 3).  Are you *sure* that it's the encrypted password of
the NIS server and not the root password for the client?

-- 
Stephen
---
Long noun chains don't automatically imply security. - Bruce Schneier
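
The message above separates what getpwnam returns from what getspnam returns. As an added example (not code from the thread or from the perl patch), this C program calls both libc functions directly, so perl is out of the picture, and reports which of them hands back a real hash; the names `classify_pw_field` and `audit_user` are hypothetical.

```c
/* Added example (not from the thread): query libc directly, bypassing perl. */
#include <pwd.h>
#include <shadow.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum field_kind { FIELD_EMPTY, FIELD_PLACEHOLDER, FIELD_HASH };

/* Classify a password field as empty, a marker ("x", "*", "!!"), or a hash. */
enum field_kind classify_pw_field(const char *f)
{
    if (f == NULL || *f == '\0')
        return FIELD_EMPTY;
    while (*f == '!')            /* a leading "!" marks a locked account */
        f++;
    if (*f == '\0' || *f == '*' || strcmp(f, "x") == 0)
        return FIELD_PLACEHOLDER;
    return FIELD_HASH;           /* anything else is treated as a hash */
}

/* Bitmask: 1 = getpwnam() returned a hash, 2 = getspnam() returned a hash.
 * Returns -1 when the user is unknown to every configured NSS source. */
int audit_user(const char *name)
{
    int result = 0;
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    if (classify_pw_field(pw->pw_passwd) == FIELD_HASH)
        result |= 1;
    struct spwd *sp = getspnam(name);   /* NULL without sufficient privileges */
    if (sp != NULL && classify_pw_field(sp->sp_pwdp) == FIELD_HASH)
        result |= 2;
    return result;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    int r = audit_user(name);
    if (r < 0) {
        printf("%s: unknown user\n", name);
        return 1;
    }
    printf("euid=%d user=%s\n", (int)geteuid(), name);
    printf("getpwnam() exposes a hash: %s\n", (r & 1) ? "yes" : "no");
    printf("getspnam() exposes a hash: %s\n", (r & 2) ? "yes" : "no");
    return 0;
}
```

Run as an ordinary user, two "no" lines are consistent with scenario 3; a "yes" from getpwnam() points at the passwd source itself carrying the hash (scenario 1), and a "yes" from getspnam() without privileges points at scenario 2.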

