recent etch upgrade... sashroot (uid=0) started to impersonate uid=0 (root)
Dear All,
Since there is a small chance that there is an issue with libnss part of
libc6 I've decided to talk to -dev first (instead of filing libc6
bugreport or sending it to -users). libc6 I have now is 2.3.6.ds1-8, I
know that I am 2 revisions behind etch version - need to figure out why
debmirror failed to update my mirror, but I want first to nail the
problem down and I haven't mentioned obviously relevant
changelog.Debian entry since -8.
I have a box (etch amd64) which had sash installed with created
sashroot account to run sash for the case of emergency. /etc/passwd had
it
,-------------------------------------
| root:x:0:0:root:/root:/bin/bash
| sashroot:x:0:0:root:/root:/bin/sash
`---
Box is also an NIS server for local network, so nsswitch has
,-----------------------
| passwd: files nis
`---
/etc/security/access.conf has
,-------------------------------------------------------------------
| -:root:ALL EXCEPT xxx.xxx.edu @trustednet @clusternodes LOCAL
| -:sashroot:ALL EXCEPT xxx.xxx.edu @trustednet @clusternodes LOCAL
`---
Everything was working smoothly, and I tried sashroot login a year or so
ago - everything was nice.
Today after I've
1. adjusted netgroups and added another box
2. cd /var/yp ; make
3. tried to login as sashroot from another box which is not
allowed due to /etc/security/access.conf restrictions
BANG -- uid=0 became impersonated by sashroot. So all processes
by uid=0 were reported as sashroot, whenever I login as root - whoami would
tell sashroot. Some services which relied on account name started to
complain...
Relevant entry in auth.log for sashroot attempt to login is plain
,----
| /var/log/auth.log:Feb 12 14:34:16 zzz pam_access[14290]: access denied for user `sashroot' from `yyy.xxx.edu'
`---
I could not figure out why that happened exactly, so I simply tuned
/etc/passwd and assigned bogus uid/gid to sashroot entry
like
,-------------------------------------------
| sashroot:x:666:666:daemon:/root:/bin/sash
`---
that made it right to resolve the uids.
I am wondering what the heck has happened and isn't it a libnss problem?
It might be that the problem was present there but wasn't triggered
since I didn't use sashroot for a while. The most recent upgrade was
2007-02-09 16:17:05 upgrade libc6-i386 2.3.6.ds1-7 2.3.6.ds1-8
2007-02-09 16:17:10 upgrade libc6-dev 2.3.6.ds1-7 2.3.6.ds1-8
2007-02-09 16:17:20 upgrade libc6 2.3.6.ds1-7 2.3.6.ds1-8
Thanks everyone in advance for clarifying my ignorance and giving me
ideas...
--
.-.
=------------------------------ /v\ ----------------------------=
Keep in touch // \\ (yoh@|www.)onerussian.com
Yaroslav Halchenko /( )\ ICQ#: 60653192
Linux User ^^-^^ [175555]
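Added example, not part of the original message: a small audit of passwd-format data for UIDs shared by several account names, such as the two uid-0 lines quoted above. It models a uid-to-name lookup as a first-match scan in entry order (an assumption of this sketch, not a diagnosis of the reported behaviour); the function names and the sample data are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: the two uid-0 lines quoted in the message plus one ordinary account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sashroot:x:0:0:root:/root:/bin/sash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
"""

def parse_passwd(text):
    """Yield (name, uid) for each well-formed passwd(5) line, in entry order."""
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, comments and NIS compat markers (+/- lines).
        if not line or line[0] in "#+-":
            continue
        fields = line.split(":")
        if len(fields) != 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])

def shared_uids(text):
    """Return {uid: [names in entry order]} for every uid owned by more than one name."""
    by_uid = defaultdict(list)
    for name, uid in parse_passwd(text):
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def first_match_name(text, uid):
    """Name returned for uid by a first-match scan in entry order, or None."""
    for name, entry_uid in parse_passwd(text):
        if entry_uid == uid:
            return name
    return None

def reorder(text):
    """Same entries in reverse order, to show that the answer depends on ordering."""
    return "\n".join(reversed(text.splitlines())) + "\n"

if __name__ == "__main__":
    for uid, names in sorted(shared_uids(SAMPLE_PASSWD).items()):
        print(f"uid {uid} is shared by {names}")
        print(f"  entry order as given -> {first_match_name(SAMPLE_PASSWD, uid)}")
        print(f"  entry order reversed -> {first_match_name(reorder(SAMPLE_PASSWD), uid)}")
```

Any service that maps a numeric uid back to a name gets whichever entry the lookup source happens to return first, so a shared uid 0 is worth flagging on every source listed in nsswitch.conf.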