Bug#566351: libgcrypt11: should not change user id as a side effect

Werner Koch wk at gnupg.org
Mon Jan 25 16:43:11 CET 2010


On Mon, 25 Jan 2010 16:13, ansgar at 43-1.org said:

> Yes, it is even quite simple to write such an application: Just call
> getgroups(), getpwent(), ... on a system that uses LDAP.  If there is no
> caching daemon like nscd running, the application will use libnss-ldap
> (via glibc's Name Service Switch) which can in turn use gnutls.

That is a broken design.  glibc should never ever allow suid processes
to run code from external services that it is not 100% sure are clean.
I guess libnss_files and the other standard ones might be fine, but LDAP
or even LDAPS are very problematic.  Such code belongs in a separate
process and not in that of an arbitrary, possibly suid, application.

> As the application itself does not use openldap, gnutls, or gcrypt there
> is no way it could initialize gcrypt.

You may consider this a feature - it indicates that there is something
severely wrong with the application running on a particular system
configuration.


Shalom-Salam,

   Werner


-- 
Thoughts are free.  Exceptions are regulated by a federal law.
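The design Werner argues for above, as an added example that is not part of the thread and not libgcrypt, glibc or Debian code: a privileged program that needs an NSS lookup forks a helper, the helper permanently drops to the real uid/gid and only then calls getpwnam_r(), and the answer comes back over a pipe. Whatever libnss_* module glibc loads for the lookup (libnss_ldap, gnutls, gcrypt and its secure-memory setup) runs inside the throwaway child, so nothing it does to its own uid can reach the privileged parent. The names lookup_user_isolated, isolated_uid_of, helper_child, drop_privileges and struct user_info are this example's own; nothing in the thread uses them.

```c
#include <errno.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fixed-size result shipped from the helper child to the parent over a pipe.
 * It is smaller than PIPE_BUF, so one write() delivers it atomically. */
struct user_info {
    uid_t uid;
    gid_t gid;
    char  home[256];
};

/* Permanently drop to the real (unprivileged) ids.  When the child is root
 * (the setuid-root case) setuid()/setgid() reset real, effective and saved
 * ids together.  For a setuid-to-non-root binary use setresuid()/setresgid()
 * (needs _GNU_SOURCE) so the saved id is discarded as well. */
static int drop_privileges(void)
{
    uid_t ruid = getuid();
    gid_t rgid = getgid();

    /* Only root may clear supplementary groups; EPERM means we are not root. */
    if (setgroups(0, NULL) != 0 && errno != EPERM)
        return -1;
    if (setgid(rgid) != 0 || setuid(ruid) != 0)
        return -1;
    /* Verify the drop actually happened before running any NSS module. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    return 0;
}

/* Child side: privileges gone first, NSS lookup second, answer third.
 * Any library the lookup drags in runs here and dies with this process. */
static void helper_child(int wfd, const char *name)
{
    struct user_info info;
    struct passwd pw, *res = NULL;
    char buf[4096];

    if (drop_privileges() != 0)
        _exit(2);
    if (getpwnam_r(name, &pw, buf, sizeof buf, &res) != 0 || res == NULL)
        _exit(1);

    memset(&info, 0, sizeof info);
    info.uid = pw.pw_uid;
    info.gid = pw.pw_gid;
    snprintf(info.home, sizeof info.home, "%s", pw.pw_dir ? pw.pw_dir : "");
    if (write(wfd, &info, sizeof info) != (ssize_t)sizeof info)
        _exit(3);
    _exit(0);
}

/* Parent side: fork the helper, collect its answer, keep our own ids intact.
 * Returns 0 on success, -1 if the lookup failed or the helper misbehaved. */
int lookup_user_isolated(const char *name, struct user_info *out)
{
    int fds[2];
    if (pipe(fds) != 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {
        close(fds[0]);
        helper_child(fds[1], name);   /* never returns */
        _exit(127);
    }
    close(fds[1]);

    /* Read the whole struct; EOF before it is complete means the child failed. */
    char *p = (char *)out;
    size_t left = sizeof *out;
    while (left > 0) {
        ssize_t n = read(fds[0], p, left);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;
        p += n; left -= (size_t)n;
    }
    close(fds[0]);

    int status = 0;
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
        ;
    if (left != 0 || !WIFEXITED(status) || WEXITSTATUS(status) != 0)
        return -1;
    out->home[sizeof out->home - 1] = '\0';
    return 0;
}

/* Convenience wrapper: the uid of `name`, or -1 if the isolated lookup failed. */
long isolated_uid_of(const char *name)
{
    struct user_info info;
    if (lookup_user_isolated(name, &info) != 0)
        return -1;
    return (long)info.uid;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "root";
    uid_t euid_before = geteuid();
    struct user_info info;

    if (lookup_user_isolated(name, &info) != 0) {
        fprintf(stderr, "lookup of %s failed\n", name);
        return 1;
    }
    printf("%s: uid=%u gid=%u home=%s\n", name,
           (unsigned)info.uid, (unsigned)info.gid, info.home);
    /* The parent's effective uid is still what it was: no code loaded for the
     * lookup had a chance to change it. */
    printf("parent euid unchanged: %s\n",
           geteuid() == euid_before ? "yes" : "no");
    return 0;
}
```

Run as an ordinary user the drop is a no-op (the ids are already unprivileged), and run as root in a container it stays root, so the example only exercises the isolation boundary, not a real privilege transition; the point is the ordering inside helper_child: ids are dropped and checked before the first NSS call. The cost is one fork per lookup, which is the price of not letting an arbitrary NSS module execute inside a process that still holds privileges.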
