Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 27 Mar 1999 19:24:07 +0100 (CET)
From:      Dag-Erling Smorgrav <des@ee.follo.net>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/10820: getpwent() failures in httpd
Message-ID:  <199903271824.TAA14403@ee.follo.net>

next in thread | raw e-mail | index | archive | help

>Number:         10820
>Category:       bin
>Synopsis:       getpwent() failures in httpd
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 27 10:50:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator:     Dag-Erling Smorgrav
>Release:        FreeBSD 3.1-STABLE i386
>Organization:
Yes Interactive
>Environment:

FreeBSD 3.1-STABLE and 4.0-CURRENT systems configured as NIS clients of
a FreeBSD NIS server which has master.passwd.{byname,byuid} maps.

>Description:

The NIS code in src/lib/libc/gen/getpwent.c attempts to determine whether
or not it has access to the master.passwd maps. This test will succeed if
it can connect to the NIS server from a privileged port, i.e. if the
effective UID is 0. However, it is possible for the process to lose that
access without getpwent.c noticing, for instance by dropping privileges
and closing the NIS socket (which is what happens in e.g. an HTTP daemon
which forks). The NIS code will try to reconnect to master.passwd, but
since it is connecting from a non-privileged port, the request will be
deniedand the getpwent() call will fail.

>How-To-Repeat:

Run Apache httpd on the NIS client. Using an HTTP client, request
http://www.nisclient.net/~joe/ where joe is listed in the NIS password but
*not* in the NIS client's own password database, and has a public_html
directory (or whatever you've set UserDir to). getpwent() will fail,
resulting in a 404 Not Found. Running the NIS server in debug mode reveals
that the client attempted to access the master.passwd.byname map from an
unprivileged port.

Other daemons which close file descriptors when they fork will also be
affected by this.

>Fix:
	
The NIS code needs to detect a change in privileges, and reinitialize if
the connection was lost after privileges were dropped.


>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903271824.TAA14403>