[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

recent etch upgrade... sashroot (uid=0) started to impersonate uid=0 (root)

Dear All,

Since there is a small chance that there is an issue with libnss part of
libc6 I've decided to talk to -dev first (instead of filing libc6
bugreport or sending it to -users).  libc6 I have now is 2.3.6.ds1-8, I
know that I am 2 revisions behind etch version -need to figure out why
debmirror failed to update my mirror, but I want first to nail
problem down and I haven't mentioned obviousely relevant
changelog.Debian entry since -8.

I have a box (etch amd64) which had sash installed with created
sashroot account to run sash for the case of emergency. /etc/passwd had

| root:x:0:0:root:/root:/bin/bash
| sashroot:x:0:0:root:/root:/bin/sash

Box is also an NIS server for local network, so nsswitch has
| passwd:     files nis

/etc/security/access.conf has
| -:root:ALL EXCEPT xxx.xxx.edu @trustednet @clusternodes LOCAL
| -:sashroot:ALL EXCEPT xxx.xxx.edu @trustednet @clusternodes LOCAL

Everything was working smooth, and I tried sashroot login a year or so
ago - everything was nice.

Today after I've 
1. adjusted netgroups and added another box
2. cd /var/yp ; make
3. tried to login as sashroot from another box which is not
   allowed due to /etc/security/access.conf restrictions

BANG -- uid=0 became to impersonated by sashroot. So all processes
by uid=0 reported as sashroot, whenever I login as root - whoami would
tell sashroot. Some services started to complain which relied on account

Relevant entry in auth.log for sashroot attempt to login is plain
| /var/log/auth.log:Feb 12 14:34:16 zzz pam_access[14290]: access denied for user `sashroot' from `yyy.xxx.edu'

I could not figure out why that happened exactly, so I simply tuned
/etc/passwd and assigned bogus uid/gid  to sashroot entry
| sashroot:x:666:666:daemon:/root:/bin/sash

that made it right to resolve the uids

I am wondering what the heck has happened and isn't it a libnss problem?

it might be that the problem was present there but wasn't triggered
since I didn't use sashroot for a while. The most recent upgrade was
2007-02-09 16:17:05 upgrade libc6-i386 2.3.6.ds1-7 2.3.6.ds1-8
2007-02-09 16:17:10 upgrade libc6-dev 2.3.6.ds1-7 2.3.6.ds1-8
2007-02-09 16:17:20 upgrade libc6 2.3.6.ds1-7 2.3.6.ds1-8

Thanks everyone in advance for clarifying my ignorance and giving me

=------------------------------   /v\  ----------------------------=
Keep in touch                    // \\     (yoh@|www.)onerussian.com
Yaroslav Halchenko              /(   )\               ICQ#: 60653192
                   Linux User    ^^-^^    [175555]

Reply to: