First Last Prev Next    This bug is not in your last search results.
Bug 91794 - LOCALDOMAIN env variable overrides both domain and search keywords
LOCALDOMAIN env variable overrides both domain and search keywords
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: glibc (Show other bugs)
2
All Linux
high Severity medium
: ---
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-05-28 06:42 EDT by Axel Thimm
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2004-09-28 02:44:13 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Axel Thimm 2003-05-28 06:42:53 EDT 
Description of problem:
If a user with uid!=0 on a host without an FQDN tries to connect to a machine
without specifying the remote machine's FQDN the connect fails, because the name
resolution in openssh pick the hostname as a domainname and ignore any search
statements in resolve.conf.

Name resolution works as expected if the user is root.


Version-Release number of selected component (if applicable):
openssh-3.5p1-6

How reproducible:
Always

Steps to Reproduce:
1. Name your client with a non-dotted name, e.g. "host1"
2. Create a /etc/resolve.conf which should resolve host2 to
   host2.mydomain, for example:
   search mydomain anotherdomain
   nameserver ...
3. Run "ssh host2" as a non-root user.

Actual Results:  The connection fails. An strace shows that openssh uses "host1"
as a possible domain name for host2 (e.g. tries to resolve "host2.host1"). No
attempt is made to use "mydomain" or "anotherdomain" in name resolution.

Expected Results:  The openssh client should follow normal resolution semantics,
as it does for uid=0.
Comment 1 Axel Thimm 2003-10-31 07:45:21 EST 
I tracked this down to more than openssh. Everything using getaddrinfo ignores
the search list in /etc/resolv.conf, if uid!=0:

non-root:
$ ltrace telnet omega 2>&1  | grep -A2 getaddrinfo
getaddrinfo("omega", "telnet", 0xbfeb8f50, 0xbfeb8f44) = -2
strncpy(0x0806a4a0, "omega", 1025)               = 0x0806a4a0
gai_strerror(-2)                                 = "Name or service not known"

root:
# ltrace telnet omega 2>&1  | grep -A2 getaddrinfo
getaddrinfo("omega", "telnet", 0xbfe4be80, 0xbfe4be74) = 0
gethostbyname_r(0xbff42adf, 0xbfe4be00, 0xbfe49e00, 8192, 0xbfe49df8) = 0

(changed subject, component and also product since this is still present in
rawhide).
ge
Comment 2 Axel Thimm 2003-11-08 05:08:27 EST 
I am changing Priority/Severity, because different name resolutions
depending on the application (gethostbyname vs getaddrinfo) and uid
(root vs non-root) can cause security problems.
Comment 3 Ulrich Drepper 2004-09-28 02:44:13 EDT 
I have never seen this specific problem.  And in any case, the current
code is very different.  The various domains listed in
/etc/resolv.conf are definitely tried.  I really suspect you to have a
configuration problem since if this would have been a general problem,
lots of people would have had problems (and we did not hear about this).

In case you still have problems with the FC3t2 code, reopen.
Comment 4 Axel Thimm 2004-12-02 06:17:58 EST 
I can confirm this was a local configuration issue, LOCALDOMAIN was
set to a wrong value.

But I thought LOCALDOMAIN would only replace the "domain" keyword, not
also the "search" keyword. Perhaps this is still a bug? This seems to
only affect releases up to FC2. I couldn't reproduce it on FC3, it
seems to be fixed there.

Thanks!
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.