From: Enrico Scholz (enrico.scholz_at_sigma-chemnitz.de)
Date: Mon 11 Apr 2005 - 13:39:41 BST
sfrost_at_snowman.net (Stephen Frost) writes:
>> >> according to Enrico (please confirm or correct) the glibc
>> >> has issues with the fake name resolver and is generally
>> >> considered insecure because usually dynamically linked ...
>> > This really needs further explanation and justification. What about
>> > glibc being dynamically linked (and able to load other libraries)
>> > makes it insecure, specifically?
>> 1. 'insecure', because the dynamical loading of libnss_* is
>> uncontrollable. There is no (documented??) way to disable this
>> loading e.g. when the chroot was entered. Executing a function which
>> would load an nss-library does not give any guarantee that the next
>> call to this function with another argument would not load another
> It's not uncontrollable- just don't call NSS functions after you've
That's not possible. During the extraction phase, 'rpm' has to do
an username -> uid mapping with the setup from the inside of the
chroot. So at least there, I need getpwname() after chroot().
Vserver mailing list