Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 27 Mar 1999 20:13:49 +0100 (CET)
From:      des@flood.ping.uio.no
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/10821: getpwent() fails on NIS clients after dropping privs
Message-ID:  <199903271913.UAA70054@flood.ping.uio.no>
next in thread | raw e-mail | index | archive | help 

>Number:         10821
>Category:       bin
>Synopsis:       getpwent() fails on NIS clients after dropping privs
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 27 11:20:01 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Dag-Erling Smorgrav
>Release:        FreeBSD 3.1-STABLE i386
>Organization:
>Environment:

FreeBSD 3.1 or 4.0 configured as NIS client of a FreeBSD NIS server
with master.passwd maps.

>Description:

The first time it runs, the NIS code in src/lib/libc/gen/getpwent.c
attempts to determine whether or not it has access to master.passwd.
The result of this test is saved in the global variable _gotmaster. If
the NIS server is a FreeBSD machine, it will only grant access to
those maps if the request originates from a privileged port. Thus the
test will only succeed if the process has an effective UID of 0 the
first time the NIS code runs.

The catch is that the NIS lookup code in src/lib/libc/yp/yplib.c
closes the NIS socket and reconnects if it detects a fork. It does
this by storing the pid when connecting, and checking that it is still
the same before every lookup. If the calling process drops privileges
and forks, getpwent.c will try to access master.passwd, but yplib.c
will not be able to connect from a privileged port. The NIS lookup
will fail.

>How-To-Repeat:

One piece of software which very clearly exhibits this problem is the
Apache HTTP daemon. Attempts to request any user's home page will fail
if the daemon runs on a NIS client and the requested user is listed in
the NIS password maps but not in the local password database.

>Fix:
	
src/lib/libc/gen/getpwent.c should retry lookups in the regular maps
if lookups in the restricted maps fail.


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903271913.UAA70054>