From des@ee.follo.net Sat Mar 27 10:41:00 1999
Return-Path: <des@ee.follo.net>
Received: from ee.follo.net (ee.follo.net [195.204.143.223])
	by hub.freebsd.org (Postfix) with ESMTP id 34FDF15089
	for <FreeBSD-gnats-submit@freebsd.org>; Sat, 27 Mar 1999 10:24:04 -0800 (PST)
	(envelope-from des@ee.follo.net)
Received: (from des@localhost)
	by ee.follo.net (8.9.2/8.8.8) id TAA14403;
	Sat, 27 Mar 1999 19:24:07 +0100 (CET)
	(envelope-from des)
Message-Id: <199903271824.TAA14403@ee.follo.net>
Date: Sat, 27 Mar 1999 19:24:07 +0100 (CET)
From: Dag-Erling Smorgrav <des@ee.follo.net>
Reply-To: des@ee.follo.net
To: FreeBSD-gnats-submit@freebsd.org
Subject: getpwent() failures in httpd
X-Send-Pr-Version: 3.2

>Number:         10820
>Category:       bin
>Synopsis:       getpwent() failures in httpd
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Mar 27 10:50:00 PST 1999
>Closed-Date:    Sat Mar 27 11:08:50 PST 1999
>Last-Modified:  Sat Mar 27 11:09:16 PST 1999
>Originator:     Dag-Erling Smorgrav
>Release:        FreeBSD 3.1-STABLE i386
>Organization:
Yes Interactive
>Environment:

FreeBSD 3.1-STABLE and 4.0-CURRENT systems configured as NIS clients of
a FreeBSD NIS server which has master.passwd.{byname,byuid} maps.

>Description:

The NIS code in src/lib/libc/gen/getpwent.c attempts to determine whether
or not it has access to the master.passwd maps. This test will succeed if
it can connect to the NIS server from a privileged port, i.e. if the
effective UID is 0. However, it is possible for the process to lose that
access without getpwent.c noticing, for instance by dropping privileges
and closing the NIS socket (which is what happens in e.g. an HTTP daemon
which forks). The NIS code will try to reconnect to master.passwd, but
since it is connecting from a non-privileged port, the request will be
denied and the getpwent() call will fail.

>How-To-Repeat:

Run Apache httpd on the NIS client. Using an HTTP client, request
http://www.nisclient.net/~joe/ where joe is listed in the NIS password but
*not* in the NIS client's own password database, and has a public_html
directory (or whatever you've set UserDir to). getpwent() will fail,
resulting in a 404 Not Found. Running the NIS server in debug mode reveals
that the client attempted to access the master.passwd.byname map from an
unprivileged port.

Other daemons which close file descriptors when they fork will also be
affected by this.

>Fix:
	
The NIS code needs to detect a change in privileges, and reinitialize if
the connection was lost after privileges were dropped.


>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Sat Mar 27 11:08:50 PST 1999 
State-Changed-Why:  
Mis-analyzed, submitting new PR. 
>Unformatted:
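Added example, not part of the original report and not FreeBSD's getpwent.c: a small model of the failure as the description above states it, next to the fix the report proposes (probe again when the socket was lost or the effective UID changed). All type and function names are hypothetical, and the server's privileged-port check is reduced to the assumption "effective UID is 0".

```c
#include <stdio.h>
#include <sys/types.h>
/* Hypothetical model of the resolver's cached state; not libc's own types. */
enum nis_map { MAP_UNKNOWN, MAP_PASSWD, MAP_MASTER_PASSWD };

struct nis_state {
    enum nis_map map;    /* map chosen by the last probe */
    uid_t probed_euid;   /* effective UID when that probe ran */
    int connected;       /* 0 once the NIS socket has been closed */
};

/* Assumption: only euid 0 can use a privileged port, so only it may read master.passwd. */
static int server_allows(enum nis_map map, uid_t euid)
{
    return map == MAP_PASSWD || (map == MAP_MASTER_PASSWD && euid == 0);
}

static void probe(struct nis_state *s, uid_t euid)
{
    s->map = server_allows(MAP_MASTER_PASSWD, euid) ? MAP_MASTER_PASSWD : MAP_PASSWD;
    s->probed_euid = euid;
}

/* Behaviour the report describes: probe once, then reconnect with the stale choice. */
int lookup_stale(struct nis_state *s, uid_t euid)
{
    if (s->map == MAP_UNKNOWN)
        probe(s, euid);
    s->connected = 1;
    return server_allows(s->map, euid) ? 0 : -1;   /* -1: request denied */
}

/* Proposed fix: probe again if the socket was lost or the effective UID changed. */
int lookup_reprobe(struct nis_state *s, uid_t euid)
{
    if (s->map == MAP_UNKNOWN || !s->connected || s->probed_euid != euid)
        probe(s, euid);
    s->connected = 1;
    return server_allows(s->map, euid) ? 0 : -1;
}

int main(void)
{
    struct nis_state s = { MAP_UNKNOWN, 0, 0 };
    lookup_stale(&s, 0);   /* parent probes while still root */
    s.connected = 0;       /* forked worker closes descriptors, drops to constructed UID 65534 */
    printf("stale choice:  %d\n", lookup_stale(&s, 65534));
    printf("after reprobe: %d\n", lookup_reprobe(&s, 65534));
    return 0;
}
```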
