Bug#566297: getpwuid -- perl 5.10

To: Dave Serls <dave@dashs.denver.co.us>
Cc: 566297@bugs.debian.org
Subject: Bug#566297: getpwuid -- perl 5.10
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Mon, 25 Jan 2010 21:06:49 +0100
Message-id: <[🔎] 20100125200649.GE4014@hall.aurel32.net>
Reply-to: Aurelien Jarno <aurelien@aurel32.net>, 566297@bugs.debian.org
In-reply-to: <20100125113813.5cea4a88@harpo.dashs.denver.co.us>
References: <[🔎] 20100123122259.51c447a7@harpo.dashs.denver.co.us> <[🔎] 4B5DD377.2020800@aurel32.net> <20100125113813.5cea4a88@harpo.dashs.denver.co.us>

On Mon, Jan 25, 2010 at 11:38:13AM -0700, Dave Serls wrote:
> On Mon, 25 Jan 2010 18:23:03 +0100
> Aurelien Jarno <aurelien@aurel32.net> wrote:
> 
> > Dave Serls a écrit :
> > > Generates many messages of the form:
> > > ypserv[1349]: refused connect from 192.168.1.1:35691 to procedure
> > > ypproc_match
> > > (dashs.denver.co.us,passwd.adjunct.byname;-1)
> > 
> > I guess it is on the server right? This mesages is there, as it refuses
> > to serve a passwd.adjunct.byname to a non-priviledged user (coming from
> > a port >= 1024).
> 
>     Yes, the ypserv on the old Mandrake system gives the error.
> > 
> > > which appear to be provoked by some NSS call from 'wget'.
> > > This was never the case with previous libnss_nis.so
> > >
> > > I've narrowed down the source of the NIS ypmatch call to a
> > > invocation of the getpwuid() primitive in perl 5.10.0.
> > > 
> > 
> > That's strange, because with the patch to fix the NIS shadow leak,
> > passwd.adjunct.byname calls have been removed for normal calls, and are
> > now only done when querying shadow entries.
> > 
> > Have you tried to reproduce the bug by running a simple C code calling
> > getpwuid()?
> 
>    OK, I'll try that now.  A straight call to getpwuid does not
>    generate the error.  So it must be something extra that perl 5.10 is
>    doing in its call.
> > 
> > Also, can you please share the contents of your /etc/nsswitch.conf?
> 
>   it is attached.
> 
>   I might add that there are no regular user entries in the local passwd/shadow files
>   for the work station, so NIS must be used.
> 
>   I changed the code in the perl script "GrabWeather" to not use the "getwpuid" primitive
>   and almost all the 'ypmatch ' errors have stopped.  There is one that occurs out of the morning
>   anacron of cron.daily that I can't locate yet.
> 

Thanks for the info, I have been able to reproduce the problem here.
Can you please confirm that even before you get this same kind of lines
with "shadow.byname" instead (at least with the default ypserv config)?

I'll work on a fix asap, don't know how it will be distributed though.
I'll probably ask you to test some preliminary packages.

-- 
Aurelien Jarno	                        GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

References:
- Bug#566297: getpwuid -- perl 5.10
  - From: Dave Serls <dave@dashs.denver.co.us>
- Bug#566297: getpwuid -- perl 5.10
  - From: Aurelien Jarno <aurelien@aurel32.net>

Prev by Date: Processed: your mail
Next by Date: Bug#566844: libc6 causing "Authentication service cannot retrieve authentication info"
Previous by thread: Bug#566297: getpwuid -- perl 5.10
Next by thread: Bug#566297: getpwuid -- perl 5.10
Index(es):
- Date
- Thread