public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/15385] New: Results from "getent group" may be truncated with nss_db
@ 2013-04-22 22:11 wjones at fluke dot com
2013-04-22 22:12 ` [Bug libc/15385] " wjones at fluke dot com
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: wjones at fluke dot com @ 2013-04-22 22:11 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15385
Bug #: 15385
Summary: Results from "getent group" may be truncated with
nss_db
Product: glibc
Version: 2.15
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: unassigned@sourceware.org
ReportedBy: wjones@fluke.com
CC: drepper.fsp@gmail.com
Classification: Unclassified
The results from "getent group" may be truncated when using nss_db. This will
happen when getgrent() encounters a group entry long enough to overflow the
default 1024 byte buffer. getgrent() sets errno to ERANGE and returns NULL,
but getent fails to check errno, and truncates the results at this point.
Two things make me suspect that this failure is avoidable:
1. Requesting a specific long group entry will return it in full, e.g.:
getent group myverylonggroup
2. Our local configuration in /etc/nsswitch.conf looks like this:
group: files db
Long entries in group.db will cause output from "getent group" to be
truncated as described, but if I add a long entry to /etc/group, it will be
output in full, along with all subsequent entries in group.db. It appears that
that nss_files will grow the buffer as required, and then the expanded buffer
is used by nss_db.
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/15385] Results from "getent group" may be truncated with nss_db
2013-04-22 22:11 [Bug libc/15385] New: Results from "getent group" may be truncated with nss_db wjones at fluke dot com
@ 2013-04-22 22:12 ` wjones at fluke dot com
2014-06-13 18:22 ` fweimer at redhat dot com
` (2 subsequent siblings)
3 siblings, 0 replies; 5+ messages in thread
From: wjones at fluke dot com @ 2013-04-22 22:12 UTC (permalink / raw)
To: glibc-bugs
http://sourceware.org/bugzilla/show_bug.cgi?id=15385
Warren Jones <wjones at fluke dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |wjones at fluke dot com
--
Configure bugmail: http://sourceware.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/15385] Results from "getent group" may be truncated with nss_db
2013-04-22 22:11 [Bug libc/15385] New: Results from "getent group" may be truncated with nss_db wjones at fluke dot com
2013-04-22 22:12 ` [Bug libc/15385] " wjones at fluke dot com
@ 2014-06-13 18:22 ` fweimer at redhat dot com
2015-04-08 20:19 ` kbonner at gmail dot com
2015-08-27 21:54 ` [Bug nss/15385] " jsm28 at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: fweimer at redhat dot com @ 2014-06-13 18:22 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15385
Florian Weimer <fweimer at redhat dot com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |fweimer at redhat dot com
Flags| |security+
--- Comment #1 from Florian Weimer <fweimer at redhat dot com> ---
As groups can be used to deny privileges (see DenyGroups in OpenSSH), this is a
potential minor security issue.
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug libc/15385] Results from "getent group" may be truncated with nss_db
2013-04-22 22:11 [Bug libc/15385] New: Results from "getent group" may be truncated with nss_db wjones at fluke dot com
2013-04-22 22:12 ` [Bug libc/15385] " wjones at fluke dot com
2014-06-13 18:22 ` fweimer at redhat dot com
@ 2015-04-08 20:19 ` kbonner at gmail dot com
2015-08-27 21:54 ` [Bug nss/15385] " jsm28 at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: kbonner at gmail dot com @ 2015-04-08 20:19 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15385
kbonner at gmail dot com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kbonner at gmail dot com
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug nss/15385] Results from "getent group" may be truncated with nss_db
2013-04-22 22:11 [Bug libc/15385] New: Results from "getent group" may be truncated with nss_db wjones at fluke dot com
` (2 preceding siblings ...)
2015-04-08 20:19 ` kbonner at gmail dot com
@ 2015-08-27 21:54 ` jsm28 at gcc dot gnu.org
3 siblings, 0 replies; 5+ messages in thread
From: jsm28 at gcc dot gnu.org @ 2015-08-27 21:54 UTC (permalink / raw)
To: glibc-bugs
https://sourceware.org/bugzilla/show_bug.cgi?id=15385
Joseph Myers <jsm28 at gcc dot gnu.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Component|libc |nss
--
You are receiving this mail because:
You are on the CC list for the bug.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2015-08-27 21:54 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2013-04-22 22:11 [Bug libc/15385] New: Results from "getent group" may be truncated with nss_db wjones at fluke dot com
2013-04-22 22:12 ` [Bug libc/15385] " wjones at fluke dot com
2014-06-13 18:22 ` fweimer at redhat dot com
2015-04-08 20:19 ` kbonner at gmail dot com
2015-08-27 21:54 ` [Bug nss/15385] " jsm28 at gcc dot gnu.org
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).