Last NSS commit is very dangerous

Jacques A. Vidrine nectar at
Thu Apr 1 11:15:09 PST 2004

On Thu, Apr 01, 2004 at 10:53:22PM +0400, Andrey Chernov wrote:
> On Thu, Apr 01, 2004 at 10:32:58AM -0600, Jacques A. Vidrine wrote:
> > > But previous NSS variant can handle this unreadable
> > > /etc/nsswitch.conf nicely, probably using defaults.
> > 
> > I believe you are mistaken.  Are you 100% certain that revision 1.10 of
> > nsdispatch.c falls back to defaults if /etc/nsswitch.conf exists but is
> In new version you add
> +               result = errno;
> if file can't be opened. I think this makes difference.

Andrey, I must apologize.  I just couldn't see this line for some
reason :-/  Thanks for your patience in getting me to see the problem.

> > ``unreadable /etc/nsswitch.conf'' is a different situation than ``no
> > /etc/nsswitch.conf''.  The latter means ``gimme the defaults''.  The
> > former means ``disable NSS''.
> You are probably right, I have no strong preferences here. It depends on
> other system's historic nsswitch.conf behaviour and it will be better, if
> unreadable case will be documented in nsswitch.conf(5). Currently we have:
> "If, for any reason, nsswitch.conf doesn't exist, or it has missing or
> corrupt entries, nsdispatch(3) will default to an entry of ``files'' 
> for the requested database."
> Which not covers "unreadable" case.

I think the behavior must be the same as it was previously.  I believe
I have fixed the problem in rev 1.12 of nsdispatch.c by removing the
offending statement.

In short, you are right, I am wrong, sorry for the noise :-)

Jacques Vidrine / nectar at / jvidrine at / nectar at

More information about the freebsd-current mailing list