Bug 848821 - nsswitch.conf update can get lost when glibc updates are installed at the same time on a multiarch system
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: sudo
Version: 5.8
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
Assignee: Daniel Kopeček
QA Contact: BaseOS QE Security Team
Reported: 2012-08-16 13:49 UTC by Tom G. Christensen
Modified: 2013-03-13 13:12 UTC

Doc Type: Bug Fix
Last Closed: 2013-03-13 12:54:35 UTC

Description Tom G. Christensen 2012-08-16 13:49:21 UTC
Description of problem:
The current sudo package attempts to add a line to nsswitch.conf if it is missing, but it can fail if the update transaction also includes glibc on a multiarch system.
What happens is that, due to the multiarch nature, two glibc packages will be installed, and in some circumstances yum orders the updates in a way that first glibc is updated, then sudo (at which point the added line exists in /etc/nsswitch.conf), and then the other glibc arch is updated, which overwrites /etc/nsswitch.conf with the copy included in glibc.

Version-Release number of selected component (if applicable):
sudo-1.7.2p1-14.el5_8.3.x86_64

How reproducible:
100%

Steps to Reproduce:
1. Install a fresh RHEL 5.8/x86_64 with sudo and openssl and no updates
2. Remove the 'sudoers:' line from /etc/nsswitch.conf
3. yum update sudo openssl glibc

....  
Running Transaction
  Updating       : glibc-common       1/14 
  Updating       : glibc              2/14 
  Updating       : openssl            3/14 
  Updating       : sudo               4/14 
  Updating       : nscd               5/14 
  Updating       : glibc              6/14 
  Updating       : openssl            7/14                
....

Actual results:
# grep sudoers /etc/nsswitch.conf
#

Expected results:
# grep sudoers /etc/nsswitch.conf
sudoers:  files ldap
#


Additional info:
The example with 'sudo openssl glibc' is just one easy way to provoke this issue. Any combination of updates that can trigger sudo being updated in the middle of a glibc multiarch sandwich could cause this problem.
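
The ordering described in this report, replayed against scratch files, together with a post-transaction check for the missing entry. This is an added example, not part of the original report or of the sudo or glibc packaging: the step functions are a simplified model of the behaviour the reporter describes, and all function names are hypothetical.

```shell
#!/bin/sh
# Constructed model of the update ordering in this report; it only touches
# scratch files. The value below is the line shown under "Expected results".
SUDOERS_LINE='sudoers:  files ldap'

# True when FILE has an active (uncommented) sudoers entry.
has_sudoers_entry() {
    grep -Eq '^[[:space:]]*sudoers:' "$1"
}

# Model of the sudo update as described: add the line only if it is missing.
sudo_step() {
    has_sudoers_entry "$1" || printf '%s\n' "$SUDOERS_LINE" >> "$1"
}

# Model of one glibc arch update as described: replace FILE with the packaged copy.
glibc_step() {
    cp "$2" "$1"
}

# Replay a transaction order ("glibc" / "sudo" steps) on a scratch copy and
# print whether the sudoers entry survived: "present" or "lost".
replay() {
    work=$(mktemp -d) || return 2
    printf 'passwd: files\ngroup: files\nhosts: files dns\n' > "$work/packaged"
    cp "$work/packaged" "$work/nsswitch.conf"
    for step in "$@"; do
        case $step in
            glibc) glibc_step "$work/nsswitch.conf" "$work/packaged" ;;
            sudo)  sudo_step "$work/nsswitch.conf" ;;
        esac
    done
    if has_sudoers_entry "$work/nsswitch.conf"; then result=present; else result=lost; fi
    rm -rf "$work"
    echo "$result"
}

# Post-transaction check for hosts that want the entry: re-add it if it is gone.
ensure_sudoers_entry() {
    if has_sudoers_entry "$1"; then
        echo unchanged
    else
        printf '%s\n' "$SUDOERS_LINE" >> "$1"
        echo restored
    fi
}

replay glibc sudo glibc   # lost: sudo ran inside the glibc sandwich
replay glibc glibc sudo   # present: sudo ran after both glibc arches
```

Run as root after a transaction that included glibc, `ensure_sudoers_entry /etc/nsswitch.conf` restores the entry if it was dropped.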

Comment 1 Dalibor Pospíšil 2012-08-16 14:16:57 UTC
I think that this is correct behavior because if you manually remove the line from nsswitch.conf it should not be automatically recreated.

Comment 2 Tom G. Christensen 2012-08-16 16:43:49 UTC
Let's see what happens if I revert my test VM and only update sudo:
# rpm -q sudo
sudo-1.7.2p1-13.el5.x86_64
# grep sudoers nsswitch.conf
#
# yum install sudo
....
Running Transaction
  Updating       : sudo                         1/2
...
# rpm -q sudo
sudo-1.7.2p1-14.el5_8.3.x86_64
# grep sudoers nsswitch.conf 
sudoers:  files ldap
#

That does not match the behaviour you describe.

