From: Enrico Scholz (enrico.scholz_at_sigma-chemnitz.de)
Date: Mon 11 Apr 2005 - 13:39:41 BST
sfrost_at_snowman.net (Stephen Frost) writes:
>> >> according to Enrico (please confirm or correct) the glibc
>> >> has issues with the fake name resolver and is generally
>> >> considered insecure because usually dynamically linked ...
>> >
>> > This really needs further explanation and justification. What about
>> > glibc being dynamically linked (and able to load other libraries)
>> > makes it insecure, specifically?
>>
>> 1. 'insecure', because the dynamical loading of libnss_* is
>> uncontrollable. There is no (documented??) way to disable this
>> loading e.g. when the chroot was entered. Executing a function which
>> would load an nss-library does not give any guarantee that the next
>> call to this function with another argument would not load another
>> library.
>
> It's not uncontrollable- just don't call NSS functions after you've
> chroot'd.

That's not possible. During the extraction phase, 'rpm' has to do
a username -> uid mapping with the setup from the inside of the
chroot. So at least there, I need getpwname() after chroot().

Enrico
_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver
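
The constraint discussed in this message is a username -> uid mapping taken from the setup inside the chroot without triggering libnss_* loading. The following is an added example, not code from this thread or from any project it mentions: it reads a passwd(5) stream directly instead of calling a getpw*() function. The function names and sample entries are constructed, and it assumes a local passwd file is the only user database inside the chroot.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One passwd(5) line: returns 0 and sets *uid only on an exact name match. */
int passwd_line_uid(const char *line, const char *name, unsigned long *uid)
{
    size_t n = strlen(name);
    char *end;
    if (n == 0 || strchr(name, ':') || strncmp(line, name, n) || line[n] != ':')
        return -1;
    const char *p = strchr(line + n + 1, ':');   /* skip the password field */
    if (p == NULL || p[1] < '0' || p[1] > '9')
        return -1;                               /* missing or non-numeric uid */
    errno = 0;
    unsigned long v = strtoul(p + 1, &end, 10);
    if (errno != 0 || *end != ':')
        return -1;                               /* overflow or trailing junk */
    *uid = v;
    return 0;
}

/* Scan an open passwd stream, e.g. fopen("/etc/passwd", "r") after chroot().
 * No getpw*() function is called, so no libnss_* module is loaded here. */
int passwd_stream_uid(FILE *fp, const char *name, unsigned long *uid)
{
    char line[1024];
    while (fgets(line, sizeof line, fp) != NULL) {
        if (strchr(line, '\n') == NULL && !feof(fp)) {
            for (int c; (c = fgetc(fp)) != EOF && c != '\n'; )
                ;                                /* overlong line: drop the rest */
            continue;
        }
        if (passwd_line_uid(line, name, uid) == 0)
            return 0;
    }
    return -1;
}

int main(void)
{
    unsigned long uid;
    FILE *fp = tmpfile();                        /* constructed sample entries */
    if (fp == NULL) return 1;
    fputs("mailnull:x:47:47::/m:/sbin/nologin\nmail:x:8:12::/m:/sbin/nologin\n", fp);
    rewind(fp);
    /* exit status 0 when "mail" resolves to uid 8 and not to mailnull's 47 */
    return passwd_stream_uid(fp, "mail", &uid) == 0 && uid == 8 ? 0 : 1;
}
```

A matching entry with a malformed uid field is rejected rather than mapped to 0, so a damaged passwd file inside the chroot cannot silently turn an unknown user into root.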