Last NSS commit is very dangerous
Andrey Chernov
ache at nagual.pp.ru
Thu Apr 1 10:53:32 PST 2004
On Thu, Apr 01, 2004 at 10:32:58AM -0600, Jacques A. Vidrine wrote:
> > But the previous NSS variant can handle this unreadable
> > /etc/nsswitch.conf nicely, probably using defaults.
>
> I believe you are mistaken. Are you 100% certain that revision 1.10 of
> nsdispatch.c falls back to defaults if /etc/nsswitch.conf exists but is
In the new version you add
+ result = errno;
if the file can't be opened. I think this makes a difference.
> ``unreadable /etc/nsswitch.conf'' is a different situation than ``no
> /etc/nsswitch.conf''. The latter means ``gimme the defaults''. The
> former means ``disable NSS''.
You are probably right, I have no strong preferences here. It depends on
other systems' historic nsswitch.conf behaviour, and it would be better if
the unreadable case were documented in nsswitch.conf(5). Currently we have:
"If, for any reason, nsswitch.conf doesn't exist, or it has missing or
corrupt entries, nsdispatch(3) will default to an entry of ``files''
for the requested database."
Which does not cover the "unreadable" case.
--
Andrey Chernov | http://ache.pp.ru/
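
The distinction discussed in this thread, as an added example (not code from nsdispatch.c or from either poster): a missing file selects the defaults, while any other open failure is reported to the caller instead of being replaced by defaults. The function name, enum and temporary file path are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum conf_state { CONF_LOADED, CONF_DEFAULTS, CONF_DISABLED };

/* Hypothetical helper: classify the outcome of opening a switch file.
 * *err receives fopen()'s errno, or 0 when the file opened. */
enum conf_state
classify_conf(const char *path, int *err)
{
	FILE *fp;

	*err = 0;
	fp = fopen(path, "r");
	if (fp != NULL) {
		fclose(fp);
		return (CONF_LOADED);
	}
	*err = errno;			/* save before another call clobbers it */
	if (*err == ENOENT)
		return (CONF_DEFAULTS);	/* no file at all: use the defaults */
	return (CONF_DISABLED);		/* file exists but cannot be used */
}

int
main(void)
{
	char tmpl[] = "/tmp/nsswitch.XXXXXX";	/* constructed sample file */
	enum conf_state st;
	int err, fd = mkstemp(tmpl);

	if (fd == -1)
		return (1);
	fchmod(fd, 0);	/* unreadable to non-root; root bypasses mode bits */
	close(fd);
	st = classify_conf("/nonexistent-example-dir/nsswitch.conf", &err);
	printf("missing:    state=%d (%s)\n", st, strerror(err));
	st = classify_conf(tmpl, &err);
	printf("unreadable: state=%d (%s)\n", st, strerror(err));
	unlink(tmpl);
	return (0);
}
```

Run as an unprivileged user, the second line reports EACCES with the disabled state; as root the open succeeds because mode bits are not enforced.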