
Re: recent etch upgrade... sashroot (uid=0) started to impersonate uid=0 (root)



On Tue, Feb 13, 2007 at 11:37:55PM -0500, Yaroslav Halchenko wrote:
> And you guys share the prize! The cause is indeed in nscd: problem goes
> away if I stop nscd, and comes back when I start it. And it might be that
> originally I didn't have nscd running, which is why I didn't observe this
> behavior.  nscd --debug didn't show anything interesting besides first hit
> against not yet known sashroot and then requests to resolve uid=0.

> Since, I assume, behavior of the system should be preserved while running
> nscd, this issue is an nscd bug, since nscd changes the way uids get
> resolved. Is that correct?

Again, I believe the behavior is not a bug because the behavior of
getpwuid() when two users share the same uid is undefined.

This behavior is related to other nscd issues in the past that /were/ bugs
though, and security bugs at that -- because nscd caches lookups as 1:1
maps, it was possible to poison nscd's DNS cache by triggering a lookup of
an IP whose reverse-DNS had been set to a hostname that you wanted to take
over.  I think that bug was fixed by breaking the link between forward and
reverse DNS caching, but there was no reason to break the link for
user/group caching because those should legitimately be bidirectional maps.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
vorlon@debian.org                                   http://www.debian.org/
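
An added example, not part of the original message and not nscd's code: a check for accounts that share a uid, plus a simplified model of the 1:1 caching described above, showing why the uid-to-name answer depends on which name was looked up first. The passwd sample, the function names and the `OneToOneCache` class are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in passwd(5) format; sashroot shares uid 0 with root.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
sashroot:x:0:0:root:/root:/bin/sash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
"""

def parse_passwd(text):
    """Return (name, uid) pairs in file order, skipping comment/malformed lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7 or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def shared_uids(entries):
    """Map each uid held by more than one account to its names, in file order."""
    by_uid = defaultdict(list)
    for name, uid in entries:
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def first_match(entries, uid):  # uncached view: first name for uid in file order
    return next((n for n, u in entries if u == uid), None)

class OneToOneCache:
    """Simplified model (an assumption, not nscd's code) of a name<->uid 1:1 cache."""
    def __init__(self, entries):
        self.entries, self.uid_to_name = entries, {}

    def by_name(self, name):
        for n, u in self.entries:
            if n == name:
                self.uid_to_name[u] = n  # a name lookup also fills the reverse map
                return u

    def by_uid(self, uid):
        return self.uid_to_name.setdefault(uid, first_match(self.entries, uid))

if __name__ == "__main__":
    entries = parse_passwd(SAMPLE_PASSWD)
    cache = OneToOneCache(entries)
    cache.by_name("sashroot")
    print(shared_uids(entries), first_match(entries, 0), cache.by_uid(0))
```

Any uid reported by `shared_uids` is one where the reverse lookup has no single right answer, so audit logs and tools that print names from uids may show either account.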


