
recent etch upgrade... sashroot (uid=0) started to impersonate uid=0 (root)



Dear All,

Since there is a small chance that there is an issue with the libnss part of
libc6, I've decided to talk to -dev first (instead of filing a libc6
bug report or sending it to -users).  The libc6 I have now is 2.3.6.ds1-8; I
know that I am 2 revisions behind the etch version - need to figure out why
debmirror failed to update my mirror, but I first want to nail the
problem down, and I haven't mentioned an obviously relevant
changelog.Debian entry since -8.

I have a box (etch amd64) which had sash installed, with a sashroot
account created to run sash in case of emergency. /etc/passwd had
it:

,-------------------------------------
| root:x:0:0:root:/root:/bin/bash
| sashroot:x:0:0:root:/root:/bin/sash
`---

Box is also an NIS server for local network, so nsswitch has
,-----------------------
| passwd:     files nis
`---

/etc/security/access.conf has
,-------------------------------------------------------------------
| -:root:ALL EXCEPT xxx.xxx.edu @trustednet @clusternodes LOCAL
| -:sashroot:ALL EXCEPT xxx.xxx.edu @trustednet @clusternodes LOCAL
`---

Everything was working smoothly, and I tried a sashroot login a year or so
ago - everything was nice.

Today after I've
1. adjusted netgroups and added another box
2. cd /var/yp ; make
3. tried to login as sashroot from another box which is not
   allowed due to /etc/security/access.conf restrictions

BANG -- uid=0 became impersonated by sashroot. So all processes
by uid=0 were reported as sashroot; whenever I log in as root, whoami would
tell sashroot. Some services which relied on the account name started to
complain...

The relevant entry in auth.log for the sashroot login attempt is plain
,----
| /var/log/auth.log:Feb 12 14:34:16 zzz pam_access[14290]: access denied for user `sashroot' from `yyy.xxx.edu'
`---

I could not figure out why that happened exactly, so I simply tuned
/etc/passwd and assigned a bogus uid/gid to the sashroot entry,
like
,-------------------------------------------
| sashroot:x:666:666:daemon:/root:/bin/sash
`---

That made the uids resolve correctly.

I am wondering what the heck has happened, and isn't it a libnss problem?

It might be that the problem was present there but wasn't triggered
since I didn't use sashroot for a while. The most recent upgrade was:
2007-02-09 16:17:05 upgrade libc6-i386 2.3.6.ds1-7 2.3.6.ds1-8
2007-02-09 16:17:10 upgrade libc6-dev 2.3.6.ds1-7 2.3.6.ds1-8
2007-02-09 16:17:20 upgrade libc6 2.3.6.ds1-7 2.3.6.ds1-8

Thanks everyone in advance for clarifying my ignorance and giving me
ideas...

-- 
                                  .-.
=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]
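
An added example, not part of the original message: a small audit that reads passwd-format text and reports every UID carried by more than one account name, which is the arrangement shown in the quoted /etc/passwd. The sample data and all function names are constructed for illustration.

```python
"""Audit passwd-format data for account names that share a UID."""

# Constructed sample, modelled on the /etc/passwd lines quoted in the message.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sashroot:x:0:0:root:/root:/bin/sash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
# comment
+::::::
"""


def parse_passwd(text):
    """Yield (name, uid) per well-formed line; skip comments, blanks, NIS +/- lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # malformed entry, not a seven-field passwd record
        try:
            uid = int(fields[2])
        except ValueError:
            continue  # non-numeric uid field
        yield fields[0], uid


def shared_uids(text):
    """Return {uid: [names in file order]} for each UID used by more than one name."""
    by_uid = {}
    for name, uid in parse_passwd(text):
        by_uid.setdefault(uid, []).append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}


def report(text):
    """One line per shared UID. A uid-to-name lookup returns a single name,
    so tools such as whoami can show only one of the names listed here."""
    lines = []
    for uid, names in sorted(shared_uids(text).items()):
        severity = "CRITICAL" if uid == 0 else "WARNING"
        lines.append(f"{severity}: uid={uid} shared by {', '.join(names)}")
    return lines


if __name__ == "__main__":
    for entry in report(SAMPLE_PASSWD):
        print(entry)
```

On a host that also serves NIS, the same functions can be run over the text of each passwd source in turn, since every source listed in nsswitch.conf can contribute entries for a UID.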



