[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: recent etch upgrade... sashroot (uid=0) started to impersonate uid=0 (root)



On Fri, Feb 16, 2007 at 10:45:53AM +1100, Brian May wrote:
> >>>>> "Pierre" == Pierre Habouzit <madcoder@debian.org> writes:
> 
>     Pierre>   I totally agree with that. the _gnu libc_ getpwuid
>     Pierre> implementation is nothing, even not a de facto
>     Pierre> standard. I'm almost sure it does not behave the same on
>     Pierre> other OS'es.
> 
> I suspect you will find it behaves in much the same way on all Unix
> like operating systems, unless caching is used or /etc/passwd has been
> replaced with a db file or database (do any OS do this by default?).

  Well, yeah, many Unixes allow NIS or alike configurations, and in case
of identical names mapped on the same uid, the uid -> name resolution is
not deterministic. This is IMHO a very bad idea to have such setups
anyway, and I don't see a valid reason to specifically deal with them.

  And a lot of people enable ldap/NIS/... even if it's not the default
setup. Ldap or NIS for NSS and PAM is not really what we can call a rare
setup.

> Unfortunately, like it or not, many people have seen it as a de-facto
> standard - if this is a defacto standard we want to preserve or not is
> another matter.

  *shrug*, wrt nscd, I won't spend time on that. Well, if Aurélien
thinks it's a bug then I'll remove the wontfix tag, but IMHO relying on
the implementation of an un{specified,documented} behaviour is a bad
thing. Not to mention the possible security issues with that too.

-- 
·O·  Pierre Habouzit
··O                                                madcoder@debian.org
OOO                                                http://www.madism.org

Attachment: pgp7iseNATUOH.pgp
Description: PGP signature


Reply to: