http://bugzilla.novell.com/show_bug.cgi?id=540966
User suse@tlinx.org added comment
http://bugzilla.novell.com/show_bug.cgi?id=540966#c8
L. A. Walsh changed:
What |Removed |Added
----------------------------------------------------------------------------
Keywords| |security
Platform|Other |x86-64
Flag| |CCB_Review?
--- Comment #8 from L. A. Walsh 2009-11-13 19:30:53 PST ---
That sounds more like a bug with NIS -- how does a normal user login when they
are not root? -- I.e. if nscd is NOT running, how does a normal user query NIS
as 'root'.
The manpage for nscd specifically says that it does NOT cache /etc/shadow, with
the implication being that it doesn't do so for security reasons.
If it is not caching /etc/shadow for security, then lookups achieve no benefit
by going through nscd -- and there is no reason for it to be 'root'.
Why is it called 'unscd' when it runs as 'nscd' in opensuse? is there some
other version of the product where it is installed and runs as unscd?
Maybe these two names should not be assumed to be the same version of the
product, and maybe the unscd version runs in an environment with different
needs than the nscd version of the product. The nscd version of the product
runs just fine as user "nscd" -- a normal, unprivileged user.
There have been no complaints or bug reports that I'm aware of about nscd not
working.
Are passwds even being checked through nscd?
Perhaps the pam-password verification library calls don't even go through nscd
because it does not cache /etc/shadow -- so there would be no benefit making
some extra round trip through nscd to get to NIS or /etc/shadow.
If it's not broken in 11.1 or 11.2, then why has no one complained about it not
running as 'root'? People want it to be more secure by running as it's own
user 'nscd', NOT less secure by running it as root.
I'm not reopening this at this point, as it would be pointless unless we figure
out why it is working as NOT-root on 11.1 and 11.2 (and probably 11.0, though I
know it's running as root on 10.3).
It's not that there's a known problem with nscd, but it's a matter of
principle of running "more" programs with full privilege. It increases the
attack surface of the TCB and is not desirable from a security standpoint.
I'd like someone in security to review the necessity of this running as root
when it has been working without problems in 11.1/.2 as non-root.
--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.