Date: Sat, 27 Mar 1999 20:13:49 +0100 (CET) From: des@flood.ping.uio.no To: FreeBSD-gnats-submit@freebsd.org Subject: bin/10821: getpwent() fails on NIS clients after dropping privs Message-ID: <199903271913.UAA70054@flood.ping.uio.no>
next in thread | raw e-mail | index | archive | help
>Number: 10821 >Category: bin >Synopsis: getpwent() fails on NIS clients after dropping privs >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Mar 27 11:20:01 PST 1999 >Closed-Date: >Last-Modified: >Originator: Dag-Erling Smorgrav >Release: FreeBSD 3.1-STABLE i386 >Organization: >Environment: FreeBSD 3.1 or 4.0 configured as NIS client of a FreeBSD NIS server with master.passwd maps. >Description: The first time it runs, the NIS code in src/lib/libc/gen/getpwent.c attempts to determine whether or not it has access to master.passwd. The result of this test is saved in the global variable _gotmaster. If the NIS server is a FreeBSD machine, it will only grant access to those maps if the request originates from a privileged port. Thus the test will only succeed if the process has an effective UID of 0 the first time the NIS code runs. The catch is that the NIS lookup code in src/lib/libc/yp/yplib.c closes the NIS socket and reconnects if it detects a fork. It does this by storing the pid when connecting, and checking that it is still the same before every lookup. If the calling process drops privileges and forks, getpwent.c will try to access master.passwd, but yplib.c will not be able to connect from a privileged port. The NIS lookup will fail. >How-To-Repeat: One piece of software which very clearly exhibits this problem is the Apache HTTP daemon. Attempts to request any user's home page will fail if the daemon runs on a NIS client and the requested user is listed in the NIS password maps but not in the local password database. >Fix: src/lib/libc/gen/getpwent.c should retry lookups in the regular maps if lookups in the restricted maps fail. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903271913.UAA70054>