This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: Security impact of nscd and NSS module bugs (particularly NIS)
- From: Rich Felker <dalias at libc dot org>
- To: Roland McGrath <roland at hack dot frob dot com>
- Cc: Florian Weimer <fweimer at redhat dot com>, libc-alpha at sourceware dot org
- Date: Fri, 4 Jul 2014 23:00:09 -0400
- Subject: Re: Security impact of nscd and NSS module bugs (particularly NIS)
- Authentication-results: sourceware.org; auth=none
- References: <53B54CEE dot 6040505 at redhat dot com> <20140703160829 dot GW20796 at spoyarek dot pnq dot redhat dot com> <20140703193030 dot 93B502C398D at topped-with-meat dot com> <53B670B1 dot 4090103 at redhat dot com> <20140704192258 dot 991952C39B8 at topped-with-meat dot com>
On Fri, Jul 04, 2014 at 12:22:58PM -0700, Roland McGrath wrote:
> > If nscd crashes and unwanted in-process NSS module fallback is a
> > concern, maybe we could add some construct that once nscd has been
> > started first, fallback is disabled? Would that make sense?
>
> Plausible. Today there is no client-side configuration related to nscd at
> all. So you'd have to come up with something.
Isn't just eliminating the unwanted modules from /etc/nsswitch.conf
the natural way to prevent fallback on the client side?
Rich