On Tue, Feb 13, 2007 at 11:37:55PM -0500, Yaroslav Halchenko wrote: > And you are guys share the prize! the cause is indeed in nscd: problem goes > away if I stop nscd, and comes back when I start it. And it might be that > originally I didn't have nscd running, which is why I didn't observe this > behavior. nscd --debug didn't show anything interesting besides first hit > against not yet known sashroot and then requests to resolve uid=0.
> Since, I assume, behavior of the system should be preserved while running > nscd, this issue is an nscd bug, since nscd changes the way uids get > resolved. Is that correct? Again, I believe the behavior is not a bug because the behavior of getpwuid() when two users share the same uid is undefined. This behavior is related to other nscd issues in the past that /were/ bugs though, and security bugs at that -- because nscd caches lookups as 1:1 maps, it was possible to poison nscd's dns cache by triggering a lookup of an IP whose reverse-DNS had been set to a hostname that you wanted to take over. I think that bug was fixed by breaking the link between forward and reverse DNS caching, but there was no reason to break the link for user/group caching because those should legitimately be bidirectional maps. -- Steve Langasek Give me a lever long enough and a Free OS Debian Developer to set it on, and I can move the world. [EMAIL PROTECTED] http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
