Date: Fri, 9 Jul 1999 07:44:04 -0700 (PDT) From: david@inty.net To: freebsd-gnats-submit@freebsd.org Subject: misc/12576: libc problem with getpw* functions using NIS Message-ID: <19990709144404.D98AF14F23@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 12576
>Category: misc
>Synopsis: libc problem with getpw* functions using NIS
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Jul 9 07:50:02 PDT 1999
>Closed-Date:
>Last-Modified:
>Originator: David Hedley
>Release: 3.2-RELEASE
>Organization:
INTY
>Environment:
FreeBSD server.inty.net 3.2-RELEASE FreeBSD 3.2-RELEASE #0: Tue May 25 10:06:57 GMT 1999 david@server.inty.net:/usr/src/sys/compile/GENERIC+MODS i386
>Description:
I'm seeing many errors in the logs of the form:
Jul 9 14:27:53 server ypserv[1268]: access to master.passwd.byuid denied -- client 127.0.0.1:2597 not privileged
This is caused by the following sequence of events:
1) program runs as root
2) calls getpwuid
3) closes all file descriptors
4) setuid(something other than root)
5) calls getpwuid
The first call to getpwuid sets the _gotmaster variable in getpwent.c
This makes all subsequent calls use the 'master.passwd' map
instead of 'passwd'. When the second call to getpwuid is made,
_yp_dobind determines that its socket has been closed and that it
needs to rebind, however it can no longer get a privileged port due to
no longer running as root.
However, it still tries to access the master.passwd map because
the _gotmaster variable has not been updated, resulting in the error
message shown above.
>How-To-Repeat:
Run Apache with SuEXEC enabled (this is how I noticed it originally).
Either that, or run the following on box using NIS:
#include <pwd.h>
int main(int argc, char **argv)
{
int i;
struct passwd *pw;
pw = getpwuid(9998);
setuid(99);
for (i = 2; i < 200; i++)
close(i);
pw = getpwuid(9999);
}
Ensure that UIDs (9998 and 9999) don't exist in your local password file
>Fix:
I've commented out the check in ypserv which checks for a secure port
for the moment - not a terribly good solution.
Either that or somehow, _getyppass must realise if the map lookup for
'master.passwd' has failed, it should reset _gotmaster and retry
with the 'passwd' map.
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990709144404.D98AF14F23>