libnss-ldap/libpam-ldap security issue

To: debian-devel@lists.debian.org
Subject: libnss-ldap/libpam-ldap security issue
From: Brian May <bam@snoopy.debian.net>
Date: Tue, 10 Jun 2008 14:30:36 +1000
Message-id: <[🔎] 484E036C.9050601@snoopy.debian.net>

Hello,

I posted this to my local mailing list, but got no answer. This is as onDebian/etch.

It would appear sudo, a secure program, is reading ldap configurationfrom an insecure file, when pam/nss is configured to use ldap.


brian@sys11:~$ sudo -k
brian@sys11:~$ mv .ldaprc.bad .ldaprc
brian@sys11:~$ sudo /bin/bash
Password:
Segmentation fault
brian@sys11:~$ sudo -k
brian@sys11:~$ mv .ldaprc .ldaprc.bad
brian@sys11:~$ sudo /bin/bash
Password:

brian@sys11:~$ sudo -k
brian@sys11:~$ mv .ldaprc.bad .ldaprc
brian@sys11:~$ ulimit -c unlimited
brian@sys11:~$ sudo /bin/bash
Password:
Segmentation fault

I am not concerned so much about the segfault, that probably has alreadybeen fixed in the latest software anyway. It would appear anon-privileged user can change the defaults used by sudo for LDAPauthentication, and that would appear to be a bad thing.

Is there anyway to configure the ldap libraries not to read from$HOME/.ldaprc?


Brian May

Reply to:

Follow-Ups:
- Re: libnss-ldap/libpam-ldap security issue
  - From: Russ Allbery <rra@debian.org>

Prev by Date: Bug#485553: ITP: charybdis -- fast, scalable irc server
Next by Date: Mien phi lap dat ADSL va DTCD. Tang Modem va dien thoai
Previous by thread: Re: Bug#485553: ITP: charybdis -- fast, scalable irc server
Next by thread: Re: libnss-ldap/libpam-ldap security issue
Index(es):
- Date
- Thread