Details
-
Type:
Bug
-
Status: Done
-
Priority:
High
-
Resolution: Fixed
-
Affects Version/s: None
-
Component/s: Promise type: files, Promise type: users
-
Labels:None
-
Story Points:5
Description
As shown in ENT-8348, the getgrnam() and getpwnam() functions (and other related functions) are sensitive to the process that calls them. They can use various mechanisms to get the user/group information and those mechanisms, especially libNSS plugins, can easily fail if libraries they require are already loaded in the process' address space, but in an incompatible version. OpenLDAP libraries are an example of such potential conflict because we bundle and ship specific versions of those libraries and load them while the libNSS plugins on the system ship their own (or use the system-provided versions).
Ideally, we would do all user/group related operations in fork-exec'd child processes, but that could be quite resource-hungry. But we can combine the two approaches and first call the sensitive functions and only if they fail, fork and exec a child process. And we don't have to reinvent such child process – we can use the system-provided getent utility (part of glibc).
Attachments
Issue Links
- relates to
-
CFE-3942 Implement and use a new GetUserInfo(uid_or_username) function using 'getent' as fallback
-
- Open
-