From owner-freebsd-current@FreeBSD.ORG Thu Apr 1 08:32:59 2004 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B1C816A4CF for ; Thu, 1 Apr 2004 08:32:59 -0800 (PST) Received: from gw.celabo.org (gw.celabo.org [208.42.49.153]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1618743D2F for ; Thu, 1 Apr 2004 08:32:59 -0800 (PST) (envelope-from nectar@celabo.org) Received: from madman.celabo.org (madman.celabo.org [10.0.1.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "madman.celabo.org", Issuer "celabo.org CA" (not verified)) by gw.celabo.org (Postfix) with ESMTP id 80E7E54840; Thu, 1 Apr 2004 10:32:58 -0600 (CST) Received: by madman.celabo.org (Postfix, from userid 1001) id 28C976D465; Thu, 1 Apr 2004 10:32:58 -0600 (CST) Date: Thu, 1 Apr 2004 10:32:58 -0600 From: "Jacques A. Vidrine" To: Andrey Chernov , current@freebsd.org Message-ID: <20040401163258.GA63164@madman.celabo.org> Mail-Followup-To: "Jacques A. Vidrine" , Andrey Chernov , current@freebsd.org References: <20040331133132.GA2106@nagual.pp.ru> <20040331183921.GA14949@madman.celabo.org> <20040401160429.GA3346@nagual.pp.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040401160429.GA3346@nagual.pp.ru> X-Url: http://www.celabo.org/ User-Agent: Mutt/1.5.6i Subject: Re: Last NSS commit is very dangerous X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 01 Apr 2004 16:32:59 -0000 On Thu, Apr 01, 2004 at 08:04:31PM +0400, Andrey Chernov wrote: > On Wed, Mar 31, 2004 at 12:39:21PM -0600, Jacques A. Vidrine wrote: > > I'd really like DETAILS from anyone else encountering any difficulties > > after yesterday's NSS commit. I have so far been unable to reproduce > > the issue, nor has the patch submitter been able to reproduce it. > > I found exact reason (which also explain why nobody still not been > hitted). Somehow while editing my /etc/nsswitch.conf access mode becomes > 0600 while owned by root, i.e. no access from user programs. It > immediately case bugs I describe. Thank you very much for investigating further! > But previous NSS variant can handle this unreadable > /etc/nsswitch.conf nicely, probably using defaults. I believe you are mistaken. Are you 100% certain that revision 1.10 of nsdispatch.c falls back to defaults if /etc/nsswitch.conf exists but is unreadable? I believe that in this case, the result has always been to return NS_UNAVAIL for all nsdispatch() requests. > I think new variant should be fixed to do the same. I believe that the ``new variant'' behaves exactly as it has since before 5.2-RELEASE in this case. > Unreadable /etc/nsswitch.conf is not enough reason to stop working. ``unreadable /etc/nsswitch.conf'' is a different situation than ``no /etc/nsswitch.conf''. The latter means ``gimme the defaults''. The former means ``disable NSS''. I'm willing to listen to arguments that these two situations should be treated exactly the same. Cheers, -- Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org