public inbox for glibc-bugs@sourceware.org
From: "drepper at redhat dot com" <sourceware-bugzilla@sourceware.org>
To: glibc-bugs@sources.redhat.com
Subject: [Bug libc/11134] getpwnam shows shadow passwords of NIS users
Date: Tue, 06 Apr 2010 22:53:00 -0000
Message-ID: <20100406225330.17516.qmail@sourceware.org>
In-Reply-To: <20100105092632.11134.Christoph.Pleger@cs.tu-dortmund.de>

------- Additional Comments From drepper at redhat dot com 2010-04-06 22:53 -------
I'm not so sure about either change.

The server can regulate which process can read the passwd.adjunct database using the source port number. A value < 1024 would indicate privileges. If an attacker can illegally bind a socket to a low port, security is already compromised. The code in libc will ignore the error from being denied access and will use the original entry from /etc/passwd as-is. That's how it is meant to be used. In this model, processes with privileges can get to the information.

Especially because I don't think imitating the shadow file using the passwd.adjunct content is going to work. You say there are two fields missing in passwd.adjunct. In theory perhaps true, but I have not found anywhere any indication that usually the file contains any information except the first two fields. That's not really the correct content for the file. It means no password aging etc. happens.

Changing the implementation along your patch sounds arbitrary. The current behavior re filling in the password might be used by some people. There is no way in Sun's implementation to enable behavior like this? There is no setting in Sun's ypserv to restrict access based on ports? I cannot change it without a good reason.

The bigger problem is the synthetic shadow file. I don't like this at all. If you want a shadow file, why don't you export one from the server?

I realize that if you say you don't want a shadow file and restricted access to passwd, and the server doesn't have port-based access control, that you then want these changes. But these are lots of ifs. The current libc implementation works perfectly if you use the model I described. You get a full passwd file for privileged users and a version without the password for non-privileged users. This is a sensible model and your patch would cause it to stop working.

--
           What    |Removed |Added
----------------------------------------------------------------------------
            Status|NEW     |WAITING

http://sourceware.org/bugzilla/show_bug.cgi?id=11134

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
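The access model the comment describes, written out as an added C example that is not glibc or ypserv code: the server treats a source port below 1024 as proof of privilege and serves the passwd.adjunct lookup only to such peers, while the client-side merge leaves the passwd entry untouched whenever the adjunct lookup was denied or returned nothing. The adjunct map, the line formats and the function names (`peer_is_privileged`, `adjunct_lookup`, `merge_adjunct`) are constructed for illustration and are assumptions, not the real NIS wire protocol or the real glibc code path.

```c
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <arpa/inet.h>
#include <netinet/in.h>

/* Ports below this value can only be bound by privileged processes on a
   traditional Unix host; the server uses that as its access check. */
#define PRIVILEGED_PORT_LIMIT 1024

/* Server side: decide whether a connected peer may read passwd.adjunct.
   'peer' is what getpeername() or recvfrom() reports for the client. */
int peer_is_privileged(const struct sockaddr_in *peer)
{
    return ntohs(peer->sin_port) < PRIVILEGED_PORT_LIMIT;
}

/* Constructed adjunct map (assumption, not real data): only the first two
   fields carry information, matching what the comment says is typical. */
static const char *adjunct_map[] = {
    "alice:$6$constructedhash1:::::",
    "bob:$6$constructedhash2:::::",
    NULL
};

/* Server side: return the adjunct line for 'name', or NULL when the peer is
   not privileged (access denied) or the name is not in the map. */
const char *adjunct_lookup(const struct sockaddr_in *peer, const char *name)
{
    size_t n = strlen(name);
    if (!peer_is_privileged(peer))
        return NULL;                      /* denied: unprivileged client */
    for (const char **p = adjunct_map; *p; ++p)
        if (strncmp(*p, name, n) == 0 && (*p)[n] == ':')
            return *p;
    return NULL;
}

/* Client side: merge the adjunct result into a passwd line of the form
   "name:placeholder:uid:gid:gecos:dir:shell".  A NULL adjunct_line (denied
   or missing) leaves the entry as-is, which is the fallback the comment
   describes; otherwise the second field is replaced by the adjunct's
   second field.  Writes into 'out' (outlen bytes); 0 on success, -1 on error. */
int merge_adjunct(const char *pw_line, const char *adjunct_line,
                  char *out, size_t outlen)
{
    const char *c1 = strchr(pw_line, ':');
    if (!c1) return -1;
    const char *c2 = strchr(c1 + 1, ':');
    if (!c2) return -1;

    if (adjunct_line == NULL) {
        if (strlen(pw_line) >= outlen) return -1;
        strcpy(out, pw_line);             /* entry used unchanged */
        return 0;
    }

    const char *a1 = strchr(adjunct_line, ':');
    if (!a1) return -1;
    const char *a2 = strchr(a1 + 1, ':');
    size_t hashlen = a2 ? (size_t)(a2 - a1 - 1) : strlen(a1 + 1);

    int r = snprintf(out, outlen, "%.*s:%.*s%s",
                     (int)(c1 - pw_line), pw_line,   /* name            */
                     (int)hashlen, a1 + 1,           /* hash from adjunct */
                     c2);                            /* rest of passwd  */
    return (r < 0 || (size_t)r >= outlen) ? -1 : 0;
}
```

Run with a peer bound to port 1023 and one bound to port 40000: the first merge yields the entry with the hash filled in, the second yields the original line with its placeholder, which is the "full passwd file for privileged users, version without the password for everyone else" split the comment relies on.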