nscd ignores /etc/hosts
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
glibc (Ubuntu) | Invalid | Undecided | Unassigned |
Bug Description
My /etc/hosts contains the entry
192.109.102.54 mac.urlichs.
My /etc/nsswitch.conf contains the entry
hosts: files dns
I would expect that starting nscd, or not, would not have any effect except performance. This log clearly shows otherwise.
The security implication is that entries in /etc/hosts may be necessary to override information in the DNS which the local admin assumes (or, worse, knows) to be unreliable and/or wrong. If these host names are also used in ACLs, ignoring /etc/hosts may thus allow access from hosts which ordinarily would be forbidden.
```text
# /etc/init.d/nscd stop
Stopping Name Service Cache Daemon: nscd.
# ping -c1 mac.urlichs.
PING mac.urlichs.
64 bytes from mac.urlichs.
--- mac.urlichs.
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.418/0.
# /etc/init.d/nscd start
Starting Name Service Cache Daemon: nscd.
# ping -c1 mac.urlichs.
PING mac.urlichs.
--- mac.urlichs.
0 packets transmitted, 0 received
# /etc/init.d/nscd stop
Stopping Name Service Cache Daemon: nscd.
# ping -c1 mac.urlichs.
PING mac.urlichs.
64 bytes from mac.urlichs.
--- mac.urlichs.
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.396/0.
```
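An added check that is not part of the bug report: it parses /etc/hosts and asks the libc resolver (the same nss/nscd path ping goes through) for every name listed there, reporting entries whose answer differs from the file, which is exactly the discrepancy the log above shows. The hosts content below is constructed sample data, and the `resolve` hook is an assumption of this example so the check can be exercised without a live nscd.

```python
import ipaddress
import socket

# Constructed sample /etc/hosts content (not the reporter's file).
SAMPLE_HOSTS = """\
127.0.0.1    localhost
# pinned override: DNS for this name is considered unreliable
192.0.2.54   mac.example.test mac
2001:db8::54 mac.example.test
"""

def parse_hosts(text):
    """Return {name: set(addresses)} from /etc/hosts-style text."""
    mapping = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments, blanks
        if not line:
            continue
        fields = line.split()
        try:
            addr = str(ipaddress.ip_address(fields[0]))  # normalise form
        except ValueError:
            continue  # malformed line: skip rather than guess
        for name in fields[1:]:  # canonical name plus aliases
            mapping.setdefault(name.lower(), set()).add(addr)
    return mapping

def libc_resolve(name):
    """Resolve via the system resolver (nsswitch, and nscd if running)."""
    try:
        infos = socket.getaddrinfo(name, None)
    except socket.gaierror:
        return set()  # no answer at all is also a mismatch
    return {str(ipaddress.ip_address(info[4][0])) for info in infos}

def check_overrides(hosts_text, resolve=libc_resolve):
    """Return (name, expected, observed) for entries the resolver ignores."""
    mismatches = []
    for name, expected in parse_hosts(hosts_text).items():
        observed = resolve(name)
        if observed != expected:  # any extra, missing or wrong address
            mismatches.append((name, expected, observed))
    return mismatches

if __name__ == "__main__":
    with open("/etc/hosts") as fh:
        for name, exp, obs in check_overrides(fh.read()):
            print(f"{name}: /etc/hosts {sorted(exp)} vs resolver {sorted(obs)}")
```

Run it once with nscd stopped and once with it started; a name that appears in the output only in the second run is being served from somewhere other than /etc/hosts.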
This seems clearly a bug, but I think that it's a stretch to consider this a security vulnerability.