El 27/01/13 15:08, Roger Leigh escribió:
On Sun, Jan 27, 2013 at 12:18:30PM +0000, Roger Leigh wrote:
Hi Santiago,
I've attached a patch for adding support for the "gshadow"
(group shadow) NSS database to nsswitch.conf. Without this,
the libc getsg* family of functions will not work, hence
marking serious or else these functions will be broken for
new installations; would also be nice if it was possible to
add for upgrades as well? Do we have any mechanism for
making NSS updates?
Note that it's using the "files" service rather than "compat"
here because "compat" does not support gshadow, but "files"
does (can be tested by running "getent gshadow" as root).
Updated patch attached. This will upgrade nsswitch.conf in-place
on upgrade to add support for gshadow for existing installations,
while new installs will get the new nsswitch.conf by default.
Note that it's only run for upgrades from base-files<< 7.2, so
will only be run once.
The sed script will insert the new entry after the shadow entry
if present, to make it identical to the default nsswitch.conf,
otherwise it will be inserted after the group entry which it
matches.
No, no, no. Any upgrade mechanism should be in libc-bin.
This file does not belong to base-files, really.
If we got to the point that we desesperately need to upgrade the file,
libc-bin should be the package doing it.
On #debian-devel, we discussed the security implications of
enabling this by default,
Please let us discuss this in the open. The logs for this bug should be
a good place.
I have yet to see what is so broken to justify the serious severity.
(see my earlier email).
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
