Bug 9538 - nscd runs as root, and any user can crash it
nscd runs as root, and any user can crash it
Product: Red Hat Linux
Classification: Retired
Component: nscd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
: Security
Depends On:
  Show dependency treegraph
Reported: 2000-02-17 20:02 EST by wingc
Modified: 2008-05-01 11:37 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2000-07-16 13:12:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description wingc 2000-02-17 20:02:14 EST
There are a few bugs in the nscd program included with glibc 2.1:

- the default action for a nscd request if the request type is unknown is
to abort(). As far as I can tell, this means that anyone can crash the nscd
daemon by sending a request with a type that nscd does not understand.

- nscd does not call setsid() when starting up as a daemon. This means that
if root logs in and starts it, nscd will hold onto that controlling TTY
until it is hung up.

- nscd runs as root. This isn't necessary. It would be nice if it could be
run as its own unprivileged user.

I have a patch that implements fixes for all three of these:


Adding the following %post/%preun scripts to the glibc spec file will
create the nscd user that would be needed to run nscd as non-root:

%post -n nscd
/sbin/chkconfig --add nscd
/usr/sbin/useradd -c "nscd caching daemon" \
	-s /bin/false -r -d / nscd 2>/dev/null

%preun -n nscd
if [ $1 = 0 ] ; then
    /sbin/chkconfig --del nscd
    /usr/sbin/userdel nscd 2>/dev/null
    /usr/sbin/groupdel nscd 2>/dev/null

I've sent these suggestions to the author of nscd but haven't received a
response yet.


Chris Wing
Comment 1 Cristian Gafton 2000-05-22 11:41:59 EDT
assigned to jakub
Comment 2 Pekka Savola 2000-07-16 13:11:59 EDT
Still an issue w/ nscd-2.1.91-2 from Rawhide.

Comment 3 Jakub Jelinek 2000-08-24 03:36:23 EDT
Fixed in glibc-2.1.92

Note You need to log in before you can comment on or make changes to this bug.