This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: Security impact of nscd and NSS module bugs (particularly NIS)


Florian Weimer <fweimer@redhat.com> writes:

> The other difficulty in this area is NIS.  If we have a buffer overflow
> in processing data from NIS, is this a security bug?  As far as I can
> tell, NIS is mostly used for accounts, so a malicious server could just
> serve an account with UID=0, so it's not obvious to me that a trust
> boundary is crossed (which is required for a security vulnerability).

Using NIS at all these days is basically a security vulnerability.

That said, I do think a trust boundary has been crossed here.  Yes, NIS
can return an account with UID=0, but there may be other controls in place
locally to prevent someone from actually accessing that account (consider,
for instance, PAM modules that require certain authentication protocols
when accessing any account with UID=0 regardless of username).  A buffer
overflow in NIS data processing potentially allows an attacker to
compromise the system without having to authenticate to it in any way,
which is more than changing the UID of NIS returns allows, unless I'm
missing something.

So I would lean towards calling this a security vulnerability, although
it's the sort where I'd also emphasize that NIS is inherently insecure and
should not be used.

-- 
Russ Allbery (eagle@eyrie.org)              <http://www.eyrie.org/~eagle/>

