Re: Last NSS commit is very dangerous

From: Jacques A. Vidrine (nectar_at_FreeBSD.org)
Date: 04/01/04

  • Next message: Daniel Eischen: "Re: nss_ldap broken" 
    Date: Thu, 1 Apr 2004 10:32:58 -0600
To: Andrey Chernov <ache@nagual.pp.ru>, current@freebsd.org

    On Thu, Apr 01, 2004 at 08:04:31PM +0400, Andrey Chernov wrote:
    > On Wed, Mar 31, 2004 at 12:39:21PM -0600, Jacques A. Vidrine wrote:
    > > I'd really like DETAILS from anyone else encountering any difficulties
    > > after yesterday's NSS commit. I have so far been unable to reproduce
    > > the issue, nor has the patch submitter been able to reproduce it.
    >
    > I found exact reason (which also explain why nobody still not been
    > hitted). Somehow while editing my /etc/nsswitch.conf access mode becomes
    > 0600 while owned by root, i.e. no access from user programs. It
    > immediately case bugs I describe.

    Thank you very much for investigating further!

    > But previous NSS variant can handle this unreadable
    > /etc/nsswitch.conf nicely, probably using defaults.

    I believe you are mistaken. Are you 100% certain that revision 1.10 of
    nsdispatch.c falls back to defaults if /etc/nsswitch.conf exists but is
    unreadable? I believe that in this case, the result has always been to
    return NS_UNAVAIL for all nsdispatch() requests.

    > I think new variant should be fixed to do the same.

    I believe that the ``new variant'' behaves exactly as it has since
    before 5.2-RELEASE in this case.

    > Unreadable /etc/nsswitch.conf is not enough reason to stop working.

    ``unreadable /etc/nsswitch.conf'' is a different situation than ``no
    /etc/nsswitch.conf''. The latter means ``gimme the defaults''. The
    former means ``disable NSS''.

    I'm willing to listen to arguments that these two situations should be
    treated exactly the same.

    Cheers, 

    -- 
Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
  • Next message: Daniel Eischen: "Re: nss_ldap broken"

    Relevant Pages

    • Re: I Think I Found The Problem
      ... To reproduce the problem I was encountering, ... set the combo box's Sorted property to True while in design mode, ...
      (microsoft.public.dotnet.framework.adonet)
    • Re: AppleWin 1.12.7.2
      ... If there's a precise way to always reproduce this, then let me know, as ... I'm not encountering any problems on my machine. ... Mockingboard playback is poor. ... Prev by Date: ...
      (comp.emulators.apple2)
    • Re: Last NSS commit is very dangerous
      ... >> I'd really like DETAILS from anyone else encountering any difficulties ... >> after yesterday's NSS commit. ... nor has the patch submitter been able to reproduce it. ... To unsubscribe, ...
      (freebsd-current)
    • RE: Running Virtual Folder on Network Share with a different user
      ... The way I read the thread is that Steven was able to reproduce the same error that I was encountering and that he was going to consult further experts. ... So my understanding is an answer is forthcoming. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Last NSS commit is very dangerous
      ... > after yesterday's NSS commit. ... nor has the patch submitter been able to reproduce it. ... Somehow while editing my /etc/nsswitch.conf access mode becomes ... But previous NSS variant can handle this ...
      (freebsd-current)