Commit Graph

13 Commits

Author SHA1 Message Date
Sam James
ace9e3edbc nss: handle stat failure in check_reload_and_get (BZ #28752)
Skip the chroot test if the database isn't loaded
correctly (because the chroot test uses some
existing DB state).

The __stat64_time64 -> fstatat call can fail if
running under an (aggressive) seccomp filter,
like Firefox seems to use.

This manifested in a crash when using glib built
with FAM support with such a Firefox build.

Suggested-by: DJ Delorie <dj@redhat.com>
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: DJ Delorie <dj@redhat.com>
2022-06-08 21:29:39 -04:00
Paul Eggert
581c785bf3 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 7061 files FOO.

I then removed trailing white space from math/tgmath.h,
support/tst-support-open-dev-null-range.c, and
sysdeps/x86_64/multiarch/strlen-vec.S, to work around the following
obscure pre-commit check failure diagnostics from Savannah.  I don't
know why I run into these diagnostics whereas others evidently do not.

remote: *** 912-#endif
remote: *** 913:
remote: *** 914-
remote: *** error: lines with trailing whitespace found
...
remote: *** error: sysdeps/unix/sysv/linux/statx_cp.c: trailing lines
2022-01-01 11:40:24 -08:00
Florian Weimer
b99b0f93ee nss: Use "files dns" as the default for the hosts database (bug 28700)
This matches what is currently in nss/nsswitch.conf.  The new ordering
matches what most distributions use in their installed configuration
files.

It is common to add localhost to /etc/hosts because the name does not
exist in the DNS, but is commonly used as a host name.

With the built-in "dns [!UNAVAIL=return] files" default, dns is
searched first and provides an answer for "localhost" (NXDOMAIN).
We never look at the files database as a result, so the contents of
/etc/hosts is ignored.  This means that "getent hosts localhost"
fail without a /etc/nsswitch.conf file, even though the host name
is listed in /etc/hosts.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-12-17 12:01:25 +01:00
Adhemerval Zanella
52a5fe70a2 Use 64 bit time_t stat internally
For the legacy ABI with supports 32-bit time_t it calls the 64-bit
time directly, since the LFS symbols calls the 64-bit time_t ones
internally.

Checked on i686-linux-gnu and x86_64-linux-gnu.

Reviewed-by: Lukasz Majewski <lukma@denx.de>
2021-06-22 12:09:52 -03:00
DJ Delorie
9b456c5da9 nss: fix nss_database_lookup2's alternate handling [BZ #27416]
__nss_database_lookup2's extra arguments were left unused in the
nsswitch reloading patch set; this broke compat (default config
ignored) and shadow files (secondary name ignored) which relies on
these fallbacks.

This patch adds in the previous behavior by correcting the
initialization of the database list to reflect the fallbacks.  This
means that the nss_database_lookup2 interface no longer needs to be
passed the fallback info, so API and callers were adjusted.

Since all callers needed to be edited anyway, the calls were changed
from __nss_database_lookup2 to the faster __nss_database_get.  This
was an intended optimization which was deferred during the initial
lookup changes to avoid touching so many files.

The test case verifies that compat targets work (passwd) and that the
default configuration works (group).  Tested on x86-64.
2021-03-09 14:34:50 -05:00
DJ Delorie
58673149f3 nss: Re-enable NSS module loading after chroot [BZ #27389]
The glibc 2.33 release enabled /etc/nsswitch.conf reloading,
and to prevent potential security issues like CVE-2019-14271
the re-loading of nsswitch.conf and all mdoules was disabled
when the root filesystem changes (see bug 27077).

Unfortunately php-lpfm and openldap both require the ability
to continue to load NSS modules after chroot. The packages
do not exec after the chroot, and so do not cause the
protections to be reset. The only solution is to re-enable
only NSS module loading (not nsswitch.conf reloading) and so
get back the previous glibc behaviour.

In the future we may introduce a way to harden applications
so they do not reload NSS modules once the root filesystem
changes, or that only files/dns are available pre-loaded
(or builtin).

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-03-02 16:14:18 -05:00
Sergei Trofimovich
c3479fb793 nsswitch: return result when nss database is locked [BZ #27343]
Before the change nss_database_check_reload_and_get() did not populate
the '*result' value when it returned success in a case of chroot
detection. This caused initgroups() to use garage pointer in the
following test (extracted from unbound):

```

int main() {
    // load some NSS modules
    struct passwd * pw = getpwnam("root");

    chdir("/tmp");
    chroot("/tmp");
    chdir("/");
    // access nsswitch.conf in a chroot
    initgroups("root", 0);
}
```

Reviewed-by: DJ Delorie <dj@redhat.com>
2021-02-05 13:07:10 -05:00
DJ Delorie
429029a73e nsswitch: do not reload if "/" changes
https://sourceware.org/bugzilla/show_bug.cgi?id=27077

Before reloading nsswitch.conf, verify that the root directory
hasn't changed - if it has, it's likely that we've entered a
container and should not trust the nsswitch inside the container
nor load any shared objects therein.

Reviewed-by: Carlos O'Donell <carlos@redhat.com>
2021-01-27 13:35:15 -05:00
Paul Eggert
2b778ceb40 Update copyright dates with scripts/update-copyrights
I used these shell commands:

../glibc/scripts/update-copyrights $PWD/../gnulib/build-aux/update-copyright
(cd ../glibc && git commit -am"[this commit message]")

and then ignored the output, which consisted lines saying "FOO: warning:
copyright statement not found" for each of 6694 files FOO.
I then removed trailing white space from benchtests/bench-pthread-locks.c
and iconvdata/tst-iconv-big5-hkscs-to-2ucs4.c, to work around this
diagnostic from Savannah:
remote: *** pre-commit check failed ...
remote: *** error: lines with trailing whitespace found
remote: error: hook declined to update refs/heads/master
2021-01-02 12:17:34 -08:00
DJ Delorie
d2e929a907 nsswitch: handle missing actions properly
Some internal functions need to know if a database has a nonzero
list of actions; success getting the database does not guarantee
that.  Add checks for such as needed.

Skip the ":" in each nsswitch.conf line so as not to add a dummy
action libnss_:.so

See also https://bugzilla.redhat.com/show_bug.cgi?id=1906066

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-14 12:19:43 -05:00
Stefan Liebler
6f19927b98 Fix linknamespace errors in nss_database.c if build with -Os.
Starting with recent commits, I get 43 conform/.../linknamespace FAILs:
- nss: Introduce <nss_module.h>
- <nss_action.h>: New abstraction for combining NSS modules and NSS actions
- nss: Implement <nss_database.h> (see nss/nss_database.c)
- nsswitch: use new internal API (core)
- nsswitch: user new internal API (tests)
- nsswitch: use new internal API (callers)

e.g. conform/XPG42/wordexp.h/linknamespace.out
[initial] wordexp -> [libc.a(wordexp.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_database_get -> [libc.a(nss_database.o)] feof_unlocked
[initial] wordexp -> [libc.a(wordexp.o)] __getpwnam_r -> [libc.a(getpwnam_r.o)] __nss_database_custom -> [libc.a(nsswitch.o)] __nss_database_get -> [libc.a(nss_database.o)] ferror_unlocked

This patch is just using __ferror_unlocked and __feof_unlocked instead of the
non "__" prefixed ones.

Reviewed-by: DJ Delorie <dj@redhat.com>
2020-12-11 09:43:18 +01:00
DJ Delorie
f8847d83e1 nsswitch: use new internal API (core)
Core changes to switch the NSS internals to use the new API.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:15:53 -05:00
Florian Weimer
fa78feca47 nss: Implement <nss_database.h>
This code manages the mappings of the available databases in NSS
(i.e. passwd, hosts, netgroup, etc) with the actions that should
be taken to do a query on those databases.

This is the main API between query functions scattered throughout
glibc and the underlying code (actions, modules, etc).

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
2020-12-04 17:15:44 -05:00