Bug#566351: libgcrypt11: should not change user id as a side effect
Werner Koch
wk at gnupg.org
Mon Jan 25 16:43:11 CET 2010
On Mon, 25 Jan 2010 16:13, ansgar at 43-1.org said:
> Yes, it is even quite simple to write such an application: Just call
> getgroups(), getpwent(), ... on a system that uses LDAP. If there is no
> caching daemon like nscd running, the application will use libnss-ldap
> (via glibc's Name Service Switch) which can in turn use gnutls.
That is a broken design. glibc should never ever allow suid processes
to run code from external services it is not 100% sure they are clean.
I guess libnss_files and the other standard ones might be fine, but LDAP
or even LDAPS are very problematic. Such code belongs into a separate
process and not into the one of an arbitrary - possible suid -
application.
> As the application itself does not use openldap, gnutls, or gcrypt there
> is no way it could initialize gcrypt.
You may consider this a feature - it indicates that there is something
severely wrong with the application running on a particular system
configuration.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
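Added example (not code from this thread, libgcrypt or glibc): the practical check a maintainer of a setuid program would want given the situation described above. It snapshots the process credentials, performs the NSS-backed lookups named in the quoted message (getpwuid(), getgroups()), and reports whether any uid/gid changed as a side effect of whatever libraries the Name Service Switch pulled in. The struct and function names are assumptions of this example; on a plain /etc/passwd system the lookups stay in-process and the check trivially passes.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Snapshot of the credentials the application believes it holds
 * (hypothetical type for this example). */
struct cred_snapshot {
    uid_t uid, euid;
    gid_t gid, egid;
};

static struct cred_snapshot take_snapshot(void)
{
    struct cred_snapshot s;
    s.uid = getuid();
    s.euid = geteuid();
    s.gid = getgid();
    s.egid = getegid();
    return s;
}

/* Returns 1 when both snapshots carry identical ids, 0 otherwise. */
static int snapshots_equal(struct cred_snapshot a, struct cred_snapshot b)
{
    return a.uid == b.uid && a.euid == b.euid &&
           a.gid == b.gid && a.egid == b.egid;
}

/* Run the NSS-backed lookups from the quoted message and report whether
 * the process credentials survived them untouched.
 * Returns 1 when unchanged, 0 when some library changed them. */
int creds_unchanged_after_nss_lookups(void)
{
    struct cred_snapshot before = take_snapshot();

    /* On a system whose NSS is backed by LDAP over TLS, these calls can
     * load libnss-ldap -> gnutls -> libgcrypt into this very process;
     * the lookup results themselves are irrelevant to the check. */
    struct passwd *pw = getpwuid(getuid());
    (void)pw;
    gid_t groups[64];
    int ngroups = getgroups(64, groups);
    (void)ngroups;

    struct cred_snapshot after = take_snapshot();
    return snapshots_equal(before, after);
}

int main(void)
{
    if (creds_unchanged_after_nss_lookups()) {
        printf("credentials unchanged after NSS lookups\n");
        return 0;
    }
    fprintf(stderr, "credentials changed during NSS lookups; "
                    "a loaded library altered uid/gid\n");
    return 1;
}
```

A setuid program that relies on its effective uid after such lookups should perform a check of this kind right where it matters; a mismatch here is exactly the symptom the bug title describes.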