Bug#295680: libc6: getgrname returns a result that doesn't belong to /etc/group
On 2005-02-28 10:12:14 +0900, GOTO Masanori wrote:
> At Thu, 17 Feb 2005 13:37:25 +0100,
> Vincent Lefevre wrote:
> > The getgrname(3) man page says:
> >
> > The getgrnam() function returns a pointer to a structure containing the
> > group information from /etc/group for the entry that matches the group
> > name name.
> >
> > But here, the getgrname function returns a result that doesn't belong
> > to /etc/group, which seems to lead by side effects to a security hole
> > (more details below).
>
> Does this manpage say correctly? i.e. Is getgrnam tightly coupled
> with /etc/group?
What do you mean?
> > It gives here, where slocate is group 21 in NIS:
> >
> > $ ./grname slocate
> > 21 (slocate)
> > $ grep slocate /etc/group
> > zsh: exit 1 grep slocate /etc/group
> > $ grep 21 /etc/group
> > fax:x:21:
> >
> > As a consequence:
> >
> > # touch blah
> > # chown root.slocate blah
> > # ls -l blah
> > -rw-r--r-- 1 root fax 0 2005-02-17 13:30:13 blah
> > ^^^
> >
> > This could also explain why groupadd (to add a group to /etc/group)
> > fails if a group with the same name exists via NIS.
>
> I guess you specify in /etc/nsswitch.conf that nis is prior than
> files for group lookup.
My /etc/nsswitch.conf contains:
group: files nis
--
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / SPACES project at LORIA
Reply to: