On 2005-02-28 10:12:14 +0900, GOTO Masanori wrote: > At Thu, 17 Feb 2005 13:37:25 +0100, > Vincent Lefevre wrote: > > The getgrname(3) man page says: > > > > The getgrnam() function returns a pointer to a structure containing the > > group information from /etc/group for the entry that matches the group > > name name. > > > > But here, the getgrname function returns a result that doesn't belong > > to /etc/group, which seems to lead by side effects to a security hole > > (more details below). > > Does this manpage say correctly? i.e. Is getgrnam tightly coupled > with /etc/group?
What do you mean? > > It gives here, where slocate is group 21 in NIS: > > > > $ ./grname slocate > > 21 (slocate) > > $ grep slocate /etc/group > > zsh: exit 1 grep slocate /etc/group > > $ grep 21 /etc/group > > fax:x:21: > > > > As a consequence: > > > > # touch blah > > # chown root.slocate blah > > # ls -l blah > > -rw-r--r-- 1 root fax 0 2005-02-17 13:30:13 blah > > ^^^ > > > > This could also explain why groupadd (to add a group to /etc/group) > > fails if a group with the same name exists via NIS. > > I guess you specify in /etc/nsswitch.conf that nis is prior than > files for group lookup. My /etc/nsswitch.conf contains: group: files nis -- Vincent Lefèvre <[EMAIL PROTECTED]> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / SPACES project at LORIA -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
