
Bug#295680: libc6: getgrname returns a result that doesn't belong to /etc/group



At Thu, 17 Feb 2005 13:37:25 +0100,
Vincent Lefevre wrote:
> The getgrname(3) man page says:
> 
>   The getgrnam() function returns a pointer to a structure containing the
>   group information from /etc/group for the entry that matches the  group
>   name name.
> 
> But here, the getgrname function returns a result that doesn't belong
> to /etc/group, which seems to lead by side effects to a security hole
> (more details below).

Is what this manpage says correct?  I.e., is getgrnam tightly coupled
with /etc/group?

> It gives here, where slocate is group 21 in NIS:
> 
> $ ./grname slocate
> 21 (slocate)
> $ grep slocate /etc/group
> zsh: exit 1     grep slocate /etc/group
> $ grep 21 /etc/group
> fax:x:21:
> 
> As a consequence:
> 
> # touch blah
> # chown root.slocate blah
> # ls -l blah
> -rw-r--r--  1 root fax 0 2005-02-17 13:30:13 blah
>                    ^^^
> 
> This could also explain why groupadd (to add a group to /etc/group)
> fails if a group with the same name exists via NIS.

I guess you specify in /etc/nsswitch.conf that nis takes priority over
files for group lookup.

Regards,
-- gotom
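
Added example, not part of the original messages and not glibc code: a small audit that models the name -> GID -> name round trip (what chown and then ls do in the report) across ordered NSS group sources and lists the groups that come back under a different name. The group data is constructed to mirror the report, and the function names and the simplified nsswitch.conf parsing (actions in brackets are ignored) are assumptions of this example.

```python
import re

# Constructed sample data modelled on the report: /etc/group has fax at GID 21,
# the NIS group map (e.g. saved output of `ypcat group`) has slocate at GID 21.
FILES_GROUP = "root:x:0:\nfax:x:21:\nusers:x:100:\n"
NIS_GROUP = "slocate:x:21:\nstaff:x:50:alice\n"

def parse_group(text):
    """Parse group(5) lines into (name, gid) pairs, skipping comments and +/- compat lines."""
    entries = []
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 3 or line.startswith(("#", "+", "-")) or not fields[2].isdigit():
            continue
        entries.append((fields[0], int(fields[2])))
    return entries

def lookup(sources, order, key, index):
    """First entry whose field `index` (0 = name, 1 = gid) equals key, in source order."""
    for src in order:
        for entry in sources.get(src, []):
            if entry[index] == key:
                return entry
    return None

def roundtrip_mismatches(sources, order):
    """(name, gid, name_returned) for groups where name -> gid -> name changes the name."""
    bad = []
    names = sorted({name for src in order for name, _ in sources.get(src, [])})
    for name in names:
        _, gid = lookup(sources, order, name, 0)   # by-name lookup, as chown does
        back, _ = lookup(sources, order, gid, 1)   # by-gid lookup, as ls -l does
        if back != name:
            bad.append((name, gid, back))
    return bad

def group_order(nsswitch_text):
    """Source list from the 'group:' line; [STATUS=action] items are dropped."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith("group:"):
            return re.sub(r"\[[^\]]*\]", " ", line.split(":", 1)[1]).split()
    return []  # no group line found: this example checks nothing

if __name__ == "__main__":
    sources = {"files": parse_group(FILES_GROUP), "nis": parse_group(NIS_GROUP)}
    for conf in ("group: files nis", "group: nis files"):
        print(conf, "->", roundtrip_mismatches(sources, group_order(conf)))
```

Whichever source is listed first, one of the two names sharing GID 21 fails the round trip, so the collision has to be removed at the data level rather than by reordering sources.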


