nss/nsswitch.c should dlopen() the NSS modules with RTLD_DEEPBIND so that the
application symbols will not interfere with symbols the NSS module is using.
A practical example (pointed out by Michael Meeks) is nss_ldap + Thunderbird
failing, since both use incompatible LDAP libraries with some symbols clashing;
nss_ldap will use the Thunderbird LDAP library symbols in preference to these of
its own library, resulting in a crash. Deepbinding should solve this problem,
and I can think of no bad side-effects (in sane situations).
i tried merging this into the Gentoo glibc package, but things went badly for
mozilla users. feel like having a look ?
By now, plenty of bad side-effects popped up mainly due to the fact that custom
malloc() overrides do not work - the NSS module will ignore them, but will try
to free() pointers allocated by glibc using the overriden malloc(). It's
probably best to require NSS modules not to pollute namespace.