About this list Date view Thread view Subject view Author view Attachment view

From: Enrico Scholz (enrico.scholz_at_sigma-chemnitz.de)
Date: Mon 11 Apr 2005 - 13:39:41 BST


sfrost_at_snowman.net (Stephen Frost) writes:

>> >> according to Enrico (please confirm or correct) the glibc
>> >> has issues with the fake name resolver and is generally
>> >> considered insecure because usually dynamically linked ...
>> >
>> > This really needs further explanation and justification. What about
>> > glibc being dynamically linked (and able to load other libraries)
>> > makes it insecure, specifically?
>>
>> 1. 'insecure', because the dynamical loading of libnss_* is
>> uncontrollable. There is no (documented??) way to disable this
>> loading e.g. when the chroot was entered. Executing a function which
>> would load an nss-library does not give any guarantee that the next
>> call to this function with another argument would not load another
>> library.
>
> It's not uncontrollable- just don't call NSS functions after you've
> chroot'd.

That's not possible. During the extraction phase, 'rpm' has to do
an username -> uid mapping with the setup from the inside of the
chroot. So at least there, I need getpwname() after chroot().

Enrico


_______________________________________________
Vserver mailing list
Vserver_at_list.linux-vserver.org
http://list.linux-vserver.org/mailman/listinfo/vserver


About this list Date view Thread view Subject view Author view Attachment view
[Next/Previous Months] [Main vserver Project Homepage] [Howto Subscribe/Unsubscribe] [Paul Sladen's vserver stuff]
Generated on Mon 11 Apr 2005 - 13:40:14 BST by hypermail 2.1.3