Mailinglist Archive: opensuse-security (636 mails)

< Previous Next >
nscd bothers me
  • From: Egan <egan@xxxxxxxxxxxxxx>
  • Date: Thu, 08 Feb 2001 13:52:30 -0500
  • Message-id: <ppp58tk8f4imhgs83rq8k0stirvr1ied8n@xxxxxxx>
I've done a lot of work, including custom source tweaks to certain
user utilities, to prevent my users from getting to the /etc/passwd
file, but yet, still give them important functions in their shell
account, like gcc.

My efforts are successful until I run nscd.

Because nscd is running as root, he provides user names for all uids
which exist, if a user compiles and runs this simple C program:


>#include <stdio.h>
>#include <pwd.h>
>
>struct passwd *user;
>
>int main (int argc, char **argv) {
>
> int uid;
>
> for (uid = 0; uid < 65535; uid++) {
> user = getpwuid (uid);
> if (user != NULL)
> printf ("Found uid %d with name %s\n", uid, user->pw_name);
> }
>


This trivial example defeats my efforts to prevent users from getting
a list of other users. So now I must stop running nscd, since he runs
as root.

Unless someone knows of a solution to this dilemma?


Egan





< Previous Next >
This Thread
  • No further messages