Bug#566351: libgcrypt11: should not change user id as a side effect

Simon Josefsson simon at josefsson.org
Wed Jan 27 14:18:29 CET 2010


Ansgar Burchardt <ansgar at 43-1.org> writes:

> Hi,
>
> Simon Josefsson <simon at josefsson.org> writes:
>
>>> It can run in a separate process if nscd (glibc's name service caching
>>> daemon) is running.  But if nscd is not installed or not running for
>>> some reason, there is not much to do except doing the query in the same
>>> process.
>>
>> Why can't the system call fail in that situation?
>
> nscd is optional and one probably does not want to make the system
> unusable if it crashes (no possibility to log in when you cannot
> access the user database).  It would likely also require special
> handling of the entire boot process when nscd is not yet available.

It would be nice if it was possible to configure it to fall back on
something saner than invoking a setuid-binary when nscd is not
available/working.  That should work during boot too.  Just an idea.

/Simon


