This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On 07/03/2014 09:30 PM, Roland McGrath wrote:
nscd crashes would only mean degraded service. Depending on the service it is caching, the degradation may range from insignificant to quite serious.That's the first-order effect. It also means that individual applications start loading NSS modules directly when they weren't before. Combined with NSS module bugs, that could expose otehr security-relevant bugs that were masked while nscd was running.
That's why I mentioned nss_ldap. :-)But your comment suggest to me that an nscd crash would generally be fairly limited in impact and not as annoying as, say, a hanging syslog process (which tends to take down the entire system eventually).
If nscd crashes and unwanted in-process NSS module fallback is a concern, maybe we could add some construct that once nscd has been started first, fallback is disabled? Would that make sense?
-- Florian Weimer / Red Hat Product Security
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |