Bug 13696 - Add a --disable-nscd option to configure for disabling nscd implementation in glibc functions
Summary: Add a --disable-nscd option to configure for disabling nscd implementation in...
Alias: None
Product: glibc
Classification: Unclassified
Component: nscd (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Ulrich Drepper
Depends on:
Reported: 2012-02-15 23:23 UTC by Ben Chan
Modified: 2014-06-26 15:28 UTC (History)
5 users (show)

See Also:
Last reconfirmed:
fweimer: security-

Patch to add --disable-nscd to configure (2.17 KB, patch)
2012-02-15 23:23 UTC, Ben Chan
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ben Chan 2012-02-15 23:23:29 UTC
Created attachment 6214 [details]
Patch to add --disable-nscd to configure

Although the nscd client code can fall back when it fails to contact the nscd server, we may sometimes need to avoid that from happening (e.g. we need to disallow the "socket" system call in a sandboxed environment) if we know that no nscd server is enabled on a target system. Thus, we need to compile glibc without using the nscd implementation in its functions. 

The following glibc Makefiles currently hardcode -DUSE_NSCD=1 to use the nscd implementation for certain glibc functions, which makes it inconvenient to disable the nscd implementation.


Proposed Solution
It would be nicer if we have a --disable-nscd option in configure to control whether USE_NSCD should be defined. The attached patch implements the proposed changes on top of the current glibc master branch.
Comment 1 Mike Frysinger 2012-02-17 23:37:18 UTC
might want to submit the patch to the libc-alpha mailing list too.  bugzilla can be a bit slow and has less visibility.
Comment 2 Ulrich Drepper 2012-03-07 09:17:42 UTC
Once again you want the world to pay for the convenience of Google?  I haven't heard about anyone else who wants to have this.  Even though some people don't use nscd for glibc, they use other implementations.  Adding features which are not generally used just means introducing sources of future problems.
Comment 3 Mike Frysinger 2012-03-07 13:24:54 UTC
could you possibly keep the crap out of your comments ?  this anti-google sentiment really has no business here.

but on to the facts:
 - the feature in question is *already* in the source (this patch doesn't add the USE_NSCD define)
 - this patch only makes control of the -DUSE_NSCD flag into a configure option
 - there should be no ABI change

the amount of additional "overhead" here is trivial.  i'd also contend the assertion that google would be the only consumer of this.  plenty of embedded devices could care less about having a daemon like nscd running.
Comment 4 Roland McGrath 2012-08-22 20:42:14 UTC
Done with a different implementation than the one here.