This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Security impact of nscd and NSS module bugs (particularly NIS)


On 07/03/2014 09:30 PM, Roland McGrath wrote:
nscd crashes would only mean degraded service.  Depending on the
service it is caching, the degradation may range from insignificant to
quite serious.

That's the first-order effect.  It also means that individual applications
start loading NSS modules directly when they weren't before.  Combined with
NSS module bugs, that could expose other security-relevant bugs that were
masked while nscd was running.

That's why I mentioned nss_ldap. :-)

But your comment suggests to me that an nscd crash would generally be fairly limited in impact and not as annoying as, say, a hanging syslog process (which tends to take down the entire system eventually).

If nscd crashes and unwanted in-process NSS module fallback is a concern, maybe we could add some construct that once nscd has been started first, fallback is disabled? Would that make sense?

--
Florian Weimer / Red Hat Product Security

