Last NSS commit is very dangerous
Jacques A. Vidrine
nectar at FreeBSD.org
Thu Apr 1 11:15:09 PST 2004
On Thu, Apr 01, 2004 at 10:53:22PM +0400, Andrey Chernov wrote:
> On Thu, Apr 01, 2004 at 10:32:58AM -0600, Jacques A. Vidrine wrote:
> > > But the previous NSS variant can handle this unreadable
> > > /etc/nsswitch.conf nicely, probably using defaults.
> >
> > I believe you are mistaken. Are you 100% certain that revision 1.10 of
> > nsdispatch.c falls back to defaults if /etc/nsswitch.conf exists but is
>
> In the new version you add
> + result = errno;
> if the file can't be opened. I think this makes a difference.

Andrey, I must apologize. I just couldn't see this line for some
reason :-/ Thanks for your patience in getting me to see the problem.

> > ``unreadable /etc/nsswitch.conf'' is a different situation than ``no
> > /etc/nsswitch.conf''. The latter means ``gimme the defaults''. The
> > former means ``disable NSS''.
>
> You are probably right, I have no strong preferences here. It depends on
> other systems' historic nsswitch.conf behaviour, and it would be better if
> the unreadable case were documented in nsswitch.conf(5). Currently we have:
>
> "If, for any reason, nsswitch.conf doesn't exist, or it has missing or
> corrupt entries, nsdispatch(3) will default to an entry of ``files''
> for the requested database."
>
> Which does not cover the "unreadable" case.

I think the behavior must be the same as it was previously. I believe
I have fixed the problem in rev 1.12 of nsdispatch.c by removing the
offending statement.

In short, you are right, I am wrong, sorry for the noise :-)

Cheers,
--
Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net / nectar at freebsd.org