libnss-ldap/libpam-ldap security issue
Hello,
I posted this to my local mailing list, but got no answer. This is on
Debian/etch.
It would appear sudo, a secure program, is reading ldap configuration
from an insecure file, when pam/nss is configured to use ldap.
brian@sys11:~$ sudo -k
brian@sys11:~$ mv .ldaprc.bad .ldaprc
brian@sys11:~$ sudo /bin/bash
Password:
Segmentation fault
brian@sys11:~$ sudo -k
brian@sys11:~$ mv .ldaprc .ldaprc.bad
brian@sys11:~$ sudo /bin/bash
Password:
brian@sys11:~$ sudo -k
brian@sys11:~$ mv .ldaprc.bad .ldaprc
brian@sys11:~$ ulimit -c unlimited
brian@sys11:~$ sudo /bin/bash
Password:
Segmentation fault
I am not so concerned about the segfault; that has probably already
been fixed in the latest software anyway. It would appear that a
non-privileged user can change the defaults used by sudo for LDAP
authentication, and that would appear to be a bad thing.
Is there any way to configure the ldap libraries not to read from
$HOME/.ldaprc?
Brian May
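The problem the post describes is a privileged process honouring a configuration file that an unprivileged user controls. The following is an added example, not code from the post, from sudo or from OpenLDAP's libldap: it models a naive per-user rc-file lookup next to a hardened one, and exercises both against a constructed fixture under /tmp. The function names (naive_rc_readable, trusted_rc_readable, run_demo), the .ldaprc contents and the acceptance rules are hypothetical; they do not reproduce how libldap actually decides to read $HOME/.ldaprc, and whether the LDAP libraries on Debian/etch apply any such check in sudo's setuid context is not something the post establishes.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Naive lookup, modelled on a library that honours $HOME/.ldaprc whenever
 * the file is readable, with no regard to who is running the process.
 * Hypothetical helper; not libldap's code. */
int naive_rc_readable(const char *home, char *out, size_t outlen)
{
    if (home == NULL)
        return 0;
    snprintf(out, outlen, "%s/.ldaprc", home);
    return access(out, R_OK) == 0;
}

/* Hardened lookup (hypothetical; not libldap's code). The rc file is used
 * only if:
 *  - the real and effective uid agree (i.e. not a setuid context),
 *  - it is a regular file (lstat, so a symlink is refused), owned by that
 *    uid or by root,
 *  - it is not group- or world-writable. */
int trusted_rc_readable(const char *home, uid_t uid, uid_t euid,
                        char *out, size_t outlen)
{
    struct stat st;

    if (uid != euid || home == NULL)
        return 0;
    snprintf(out, outlen, "%s/.ldaprc", home);
    if (lstat(out, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    if (st.st_uid != uid && st.st_uid != 0)
        return 0;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        return 0;
    return 1;
}

/* Constructed fixture: a throwaway "home" directory under /tmp holding a
 * .ldaprc, checked in four scenarios. Returns a bitmask of the outcomes,
 * or -1 if the fixture could not be created. */
int run_demo(void)
{
    char home[64], path[128];
    int result = 0;
    uid_t me = getuid();
    FILE *fp;

    snprintf(home, sizeof home, "/tmp/ldaprc_demo_%ld", (long)getpid());
    if (mkdir(home, 0700) != 0)
        return -1;
    snprintf(path, sizeof path, "%s/.ldaprc", home);
    fp = fopen(path, "w");
    if (fp == NULL)
        return -1;
    fputs("URI ldap://attacker.example/\n", fp);   /* constructed content */
    fclose(fp);
    chmod(path, 0600);

    /* bit 0: naive lookup reads the file */
    result |= naive_rc_readable(home, path, sizeof path) << 0;
    /* bit 1: hardened lookup accepts it for an unprivileged (uid == euid) process */
    result |= trusted_rc_readable(home, me, me, path, sizeof path) << 1;
    /* bit 2: hardened lookup refuses it when real and effective uid differ */
    result |= trusted_rc_readable(home, me + 1, me, path, sizeof path) << 2;
    /* bit 3: hardened lookup refuses it once the file is world-writable */
    chmod(path, 0666);
    result |= trusted_rc_readable(home, me, me, path, sizeof path) << 3;

    unlink(path);
    rmdir(home);
    return result;   /* expected 3: bits 0 and 1 set, bits 2 and 3 clear */
}

int main(void)
{
    int r = run_demo();
    printf("result bitmask: %d (expected 3)\n", r);
    return r == 3 ? 0 : 1;
}
```

The hardened variant encodes the three questions a practitioner would ask before a setuid or root process trusts a dotfile: is the process running under someone else's privileges, who owns the file, and who can write to it. OpenLDAP's ldap.conf(5) documents that libldap also consults $HOME/ldaprc, ./ldaprc and the LDAPCONF and LDAPRC environment variables, so any assessment of the question raised in the post has to cover those inputs too, not only $HOME/.ldaprc.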