38402 – openldap tries to open ldaprc file in current directory

Bug 38402 - openldap tries to open ldaprc file in current directory

Summary: openldap tries to open ldaprc file in current directory

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Red Hat Linux
Classification:	Retired
Component:	openldap
Sub Component:
Version:	7.1
Hardware:	i386
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Nalin Dahyabhai
QA Contact:	Aaron Brown
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2001-04-30 16:19 UTC by Henning Schmiedehausen
Modified:	2017-10-05 11:53 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2001-04-30 16:29:31 UTC
Embargoed:

Attachments	(Terms of Use)
patch as above as file attachment (305 bytes, patch) 2001-04-30 16:21 UTC, Henning Schmiedehausen	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Bugzilla	1498841	0	low	CLOSED	Manpage incorrectly states ./ldaprc config file is used	2021-02-22 00:41:40 UTC

Internal Links: 1498841

Description Henning Schmiedehausen 2001-04-30 16:19:43 UTC

From Bugzilla Helper:
User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19-1t i686)


The openldap libraries try to open a config file in the "current"
directory. This is especially annoying if you use LDAP to supply user and /
or autofs information which leads to (best case) annoying file system
accesses in the current directory when doing "ls" or (worst case) possible
security problems if someone puts an ldaprc file in the current directory
which does point to a different server or ldap directory.

Reproducible: Always
Steps to Reproduce:
1. use LDAP for e.g. User information
2. do "ls -la"
3. watch filesystem accesses (strace -etrace=open .... )

[...]
open("/etc/openldap/ldap.conf", O_RDONLY) = 3
open("/root/ldaprc", O_RDONLY)          = -1 ENOENT (No such file or
directory)
open("/root/.ldaprc", O_RDONLY)         = -1 ENOENT (No such file or
directory)
open("ldaprc", O_RDONLY)                = -1 ENOENT (No such file or
directory)
[...]
	

Please add the attached patch to the next RPM

--- openldap-2.0.7/libraries/libldap/init.c~    Wed Sep 13 02:42:34 2000
+++ openldap-2.0.7/libraries/libldap/init.c     Mon Apr 30 18:15:23 2001
@@ -278,9 +278,6 @@
        if(path != NULL) {
                LDAP_FREE(path);
        }
-
-       /* try file */
-       openldap_ldap_init_w_conf(file, 1);
 }

Comment 1 Henning Schmiedehausen 2001-04-30 16:21:31 UTC

Created attachment 16846 [details]
patch as above as file attachment

Comment 2 Henning Schmiedehausen 2001-04-30 16:29:26 UTC

Opened the bug with openldap too, ( # 1131)

Comment 3 Nalin Dahyabhai 2001-07-03 20:15:11 UTC

The patch will be added to openldap-2.0.11-5.  Thanks!

Note You need to log in before you can comment on or make changes to this bug.