On 2010-01-23 Ansgar Burchardt <ans...@2008.43-1.org> wrote: > the function lock_pool from src/secmem.c has the side effect of changing > user ids if real uid != effective uid. This causes strange behaviour in > other programs:
> A program using libnss-ldap for querying group membership with SSL > enabled, but without nscd might suddenly change the user id when calling > getgroups (or initgroups). An example for this is the atd daemon[1]. > Regards, > Ansgar > [1] https://bugs.launchpad.net/bugs/509734 Hello, afaiui this is documented behavior: | GCRYCTL_INIT_SECMEM; Arguments: int nbytes | This command is used to allocate a pool of secure memory and thus | enabling the use of secure memory. It also drops all extra privileges | the process has (i.e. if it is run as setuid (root)). If the argument | nbytes is 0, secure memory will be disabled. The minimum amount of | secure memory allocated is currently 16384 bytes; you may thus use a | value of 1 to request that default size. cu andreas -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
