Re: recent etch upgrade... sashroot (uid=0) started to impersonate uid=0 (root)
On Tue, Feb 13, 2007 at 11:37:55PM -0500, Yaroslav Halchenko wrote:
> And you are guys share the prize! the cause is indeed in nscd: problem goes
> away if I stop nscd, and comes back when I start it. And it might be that
> originally I didn't have nscd running, which is why I didn't observe this
> behavior. nscd --debug didn't show anything interesting besides first hit
> against not yet known sashroot and then requests to resolve uid=0.
> Since, I assume, behavior of the system should be preserved while running
> nscd, this issue is an nscd bug, since nscd changes the way uids get
> resolved. Is that correct?
Again, I believe the behavior is not a bug because the behavior of
getpwuid() when two users share the same uid is undefined.
This behavior is related to other nscd issues in the past that /were/ bugs
though, and security bugs at that -- because nscd caches lookups as 1:1
maps, it was possible to poison nscd's dns cache by triggering a lookup of
an IP whose reverse-DNS had been set to a hostname that you wanted to take
over. I think that bug was fixed by breaking the link between forward and
reverse DNS caching, but there was no reason to break the link for
user/group caching because those should legitimately be bidirectional maps.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon@debian.org http://www.debian.org/
Reply to: