Bug 25156 - discrepancy between NSS documentation and actual behaviour/code if nsswitch.conf is absent
Status: UNCONFIRMED
Alias: None
Product: glibc
Classification: Unclassified
Component: nss
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2019-11-02 18:16 UTC by Jan Hacker
Modified: 2019-11-11 10:07 UTC
fweimer: security-
Description Jan Hacker 2019-11-02 18:16:06 UTC
I raised this topic in https://github.com/golang/go/issues/35305 :

https://www.gnu.org/software/libc/manual/html_node/Notes-on-NSS-Configuration-File.html
states that, in absence of /etc/nsswitch.conf, ...:
"For the hosts and networks databases the default value is dns [!UNAVAIL=return] files."

In contrast, https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nsswitch.c#l157 seems to use "files" exclusively, if no /etc/nsswitch.conf is present.

Could you please confirm that the manual ( https://sourceware.org/git/?p=glibc.git;a=blob;f=manual/nss.texi;h=821469a78a298b83c60ed66884fe08e98bb741e0;hb=HEAD#l327 ) is outdated and does not reflect current/actual behaviour (of using "files" exclusively in absence of nsswitch.conf) ... and if so, update the manual?

Furthermore, the https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nsswitch.conf#l60 uses "hosts: files dns" as default.
I wonder whether it's a good idea to provide a default nsswitch.conf (which uses "hosts: files dns"), while nsswitch.c effectively uses only "files" as "default" if nsswitch.conf is absent. Wouldn't "files dns" be a more user-friendly default in code, as it would match the example/default nsswitch.conf?
Comment 1 Carlos O'Donell 2019-11-04 21:49:36 UTC
(In reply to Jan Hacker from comment #0)
> I raised this topic in https://github.com/golang/go/issues/35305 :
> 
> https://www.gnu.org/software/libc/manual/html_node/Notes-on-NSS-
> Configuration-File.html
> states that, in absence of /etc/nsswitch.conf, ...:
> "For the hosts and networks databases the default value is dns
> [!UNAVAIL=return] files."
> 
> In contrast,
> https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nsswitch.c#l157 seems
> to use "files" exclusively, if no /etc/nsswitch.conf is present.
> 
> Could you please confirm that the manual (
> https://sourceware.org/git/?p=glibc.git;a=blob;f=manual/nss.texi;
> h=821469a78a298b83c60ed66884fe08e98bb741e0;hb=HEAD#l327 ) is outdated and
> does not reflect current/actual behaviour (of using "files" exclusively in
> absence of nsswitch.conf) ... and if so, update the manual?
> 
> Furthermore, the
> https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/nsswitch.conf#l60 uses
> "hosts: files dns" as default.
> I wonder whether it's a good idea to provide a default nsswitch.conf (which
> uses "hosts: files dns"), while nsswitch.c effectively uses only "files" as
> "default" if nsswitch.conf is absent. Wouldn't "files dns" be a more
> user-friendly default in code, as it would match the example/default
> nsswitch.conf?

(1) What is the default without nsswitch.conf?

We define DEFAULT_CONFIG in the source file that is used to define the service.

nss/hosts-lookup.c:
#define DATABASE_NAME hosts
#define DEFAULT_CONFIG "dns [!UNAVAIL=return] files"

#include "XXX-lookup.c"

So here we define it in a way that matches the manual.

Then the lookup uses a DEFAULT_CONFIG which is non-NULL and so the code you quoted is never used for hosts.

(2) What *should* the default be?

I think it should probably be adjusted to "files dns" as we use in modern day distributions.

In summary:
- I think we're only talking about (2) in this case, but if you have observed (1) to be wrong, then please say so and provide some debugging details.
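
Added example, not part of the bug report and not glibc code: a small simulation of how the built-in default "dns [!UNAVAIL=return] files" and the proposed "files dns" decide which service answers a host lookup, which matters when /etc/hosts is relied on to pin a name. The `resolve` function, the `scenario` struct and the per-service statuses are constructed for illustration; only the two service lists come from the thread.

```c
#include <stdio.h>
#include <string.h>

enum status { SUCCESS, NOTFOUND, UNAVAIL, TRYAGAIN, NSTATUS };
static const char *const names[NSTATUS] = { "SUCCESS", "NOTFOUND", "UNAVAIL", "TRYAGAIN" };

/* Constructed scenario: the status each service reports for one host query. */
struct scenario { enum status dns, files; };

/* Walk an nsswitch-style service list; return the service whose result ends
   the lookup, storing that result in *out. Upper-case single-status actions only. */
static const char *resolve(const char *spec, struct scenario sc, enum status *out)
{
    char buf[128], *p = buf;
    const char *cur = NULL;
    int ret[NSTATUS] = { 1, 0, 0, 0 };  /* default: only SUCCESS returns */
    enum status st = UNAVAIL;
    snprintf(buf, sizeof buf, "%s", spec);
    while (*(p += strspn(p, " \t"))) {
        char *tok = p;
        p += strcspn(p, " \t");
        if (*p) *p++ = '\0';
        if (tok[0] == '[') {            /* action for the preceding service */
            int neg = (tok[1] == '!');
            char *crit = tok + 1 + neg, *eq = strchr(crit, '=');
            if (!eq) continue;
            *eq = '\0';
            int act = strncmp(eq + 1, "return", 6) == 0;
            for (int i = 0; i < NSTATUS; i++)
                if ((strcmp(crit, names[i]) == 0) != neg) ret[i] = act;
            continue;
        }
        if (cur && ret[st]) break;      /* previous service ended the lookup */
        cur = !strcmp(tok, "dns") ? "dns" : !strcmp(tok, "files") ? "files" : "other";
        st = cur[0] == 'd' ? sc.dns : cur[0] == 'f' ? sc.files : UNAVAIL;
        ret[SUCCESS] = 1; ret[NOTFOUND] = ret[UNAVAIL] = ret[TRYAGAIN] = 0;
    }
    *out = st;
    return cur;
}

int main(void)
{
    struct scenario sc = { SUCCESS, SUCCESS };  /* name is in DNS and /etc/hosts */
    enum status st;
    printf("built-in default -> %s\n", resolve("dns [!UNAVAIL=return] files", sc, &st));
    printf("files dns        -> %s\n", resolve("files dns", sc, &st));
    return 0;
}
```

With the built-in default, an /etc/hosts entry is consulted only when the DNS service reports UNAVAIL; a NOTFOUND from DNS ends the lookup without reading the file.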
Comment 2 Jan Hacker 2019-11-04 22:09:52 UTC
(In reply to Carlos O'Donell from comment #1)
> (1) What is the default without nsswitch.conf?
> 
> We define DEFAULT_CONFIG in the source file that is used to define the
> service.

Yes, thank you -- a few minutes ago, djdelorie pointed this out to me on IRC.
I really only mis-read the code :-(
In the meantime, I verified it really works as documented.

> (2) What *should* the default be?
> 
> I think it should probably be adjusted to "files dns" as we use in modern
> day distributions.
> 
> In summary:
> - I think we're only talking about (2) in this case, but if you have
> observed (1) to be wrong, then please say so and provide some debugging
> details.

I'm really happy to hear you're open to adjusting the default!
I think that would be a user-friendly change - and, as a side-effect, it would also resolve the original issue I raised within Go :-)

So far, I couldn't come up with any negative effects of that change...
DJ Delorie proposed to take such a discussion to libc-alpha.
Would you like me to post a corresponding thread on libc-alpha or will you simply discuss/manage it "internally"?

Thanks!
Comment 3 Carlos O'Donell 2019-11-04 22:14:23 UTC
(In reply to Jan Hacker from comment #2)
> So far, I couldn't come up with any negative effects of that change...
> DJ Delorie proposed to take such a discussion to libc-alpha.
> Would you like me to post a corresponding thread on libc-alpha or will you
> simply discuss/manage it "internally"?

Please post to libc-alpha. There is no "internal" process. We should seek some advice on the list from other core developers. Thanks for helping move the goal post.
Comment 4 Jan Hacker 2019-11-05 00:16:34 UTC
(In reply to Carlos O'Donell from comment #3)
> (In reply to Jan Hacker from comment #2)
> > So far, I couldn't come up with any negative effects of that change...
> > DJ Delorie proposed to take such a discussion to libc-alpha.
> > Would you like me to post a corresponding thread on libc-alpha or will you
> > simply discuss/manage it "internally"?
> 
> Please post to libc-alpha. There is no "internal" process. We should seek
> some advice on the list from other core developers. Thanks for helping move
> the goal post.

Done: https://sourceware.org/ml/libc-alpha/2019-11/msg00093.html
Hope it's ok? Let's see what happens :-)
Thanks again!