[Touch-packages] [Bug 1905261] Re: Openssl ignores order from /etc/nsswitch.conf

Fri, 23 Dec 2022 20:27:13 -0800 

[Expired for linux-meta (Ubuntu) because there has been no activity for
60 days.]

** Changed in: linux-meta (Ubuntu)
       Status: Incomplete => Expired

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1905261

Title:
  Openssl ignores order from /etc/nsswitch.conf

Status in linux-meta package in Ubuntu:
  Expired
Status in openssl package in Ubuntu:
  Expired

Bug description:
  
  I'm issuing command like below:
  openssl s_client -connect subdomain.domain.example.com

  I have following nsswitch.confg defined:
  '''
  $ cat /etc/nsswitch.conf 
  # /etc/nsswitch.conf
  #
  # Example configuration of GNU Name Service Switch functionality.
  # If you have the `glibc-doc-reference' and `info' packages installed, try:
  # `info libc "Name Service Switch"' for information about this file.

  passwd:         compat systemd
  group:          compat systemd
  shadow:         compat

  hosts:          files mdns4_minimal [NOTFOUND=return] resolve 
[!UNAVAIL=return] dns myhostname
  networks:       files

  protocols:      db files
  services:       db files
  ethers:         db files
  rpc:            db files

  netgroup:       nis
  '''

  
  For host resolution /etc/hosts file should take precedence. But it doesn't 
work that way and when I have some unresolvable name it tries to connect to DNS 
ignoring local hosts file. The order can be clearly visible in strace:

  
  '''openat(AT_FDCWD, "/usr/lib/ssl/ct_log_list.cnf", O_RDONLY) = -1 ENOENT (No 
such file or directory)
  openat(AT_FDCWD, "/usr/lib/ssl/cert.pem", O_RDONLY) = -1 ENOENT (No such file 
or directory)
  socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
  connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 
ENOENT (No such file or directory)
  close(5)                                = 0
  socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5
  connect(5, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 
ENOENT (No such file or directory)
  close(5)                                = 0
  openat(AT_FDCWD, "/etc/nsswitch.conf", O_RDONLY|O_CLOEXEC) = 5
  fstat(5, {st_mode=S_IFREG|0644, st_size=560, ...}) = 0
  read(5, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 560
  read(5, "", 4096)                       = 0
  close(5)                                = 0
  stat("/etc/resolv.conf", {st_mode=S_IFREG|0644, st_size=64, ...}) = 0
  openat(AT_FDCWD, "/etc/host.conf", O_RDONLY|O_CLOEXEC) = 5
  fstat(5, {st_mode=S_IFREG|0644, st_size=93, ...}) = 0
  read(5, "# The \"order\" line is only used "..., 4096) = 93
  read(5, "", 4096)                       = 0
  close(5)                                = 0
  futex(0x7f3d2d2b5ba4, FUTEX_WAKE_PRIVATE, 2147483647) = 0
  openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 5
  fstat(5, {st_mode=S_IFREG|0644, st_size=64, ...}) = 0
  read(5, "# Generated by NetworkManager\nse"..., 4096) = 64
  read(5, "", 4096)                       = 0
  close(5)                                = 0
  openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
  fstat(5, {st_mode=S_IFREG|0644, st_size=335124, ...}) = 0
  mmap(NULL, 335124, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f3d2de05000
  close(5)                                = 0
  access("/etc/ld.so.nohwcap", F_OK)      = -1 ENOENT (No such file or 
directory)
  openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libnss_files.so.2", 
O_RDONLY|O_CLOEXEC) = 5
  read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P#\0\0\0\0\0\0"..., 
832) = 832
  fstat(5, {st_mode=S_IFREG|0644, st_size=47568, ...}) = 0
  mmap(NULL, 2168632, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 
0x7f3d2cab0000
  mprotect(0x7f3d2cabb000, 2093056, PROT_NONE) = 0
  mmap(0x7f3d2ccba000, 8192, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xa000) = 0x7f3d2ccba000
  mmap(0x7f3d2ccbc000, 22328, PROT_READ|PROT_WRITE, 
MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f3d2ccbc000
  close(5)                                = 0
  mprotect(0x7f3d2ccba000, 4096, PROT_READ) = 0
  munmap(0x7f3d2de05000, 335124)          = 0
  openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 5
  '''

  ProblemType: Bug
  DistroRelease: Ubuntu 18.04
  Package: openssl 1.1.1-1ubuntu2.1~18.04.6
  ProcVersionSignature: Ubuntu 4.15.0-124.127-generic 4.15.18
  Uname: Linux 4.15.0-124-generic x86_64
  NonfreeKernelModules: wl
  ApportVersion: 2.20.9-0ubuntu7.20
  Architecture: amd64
  Date: Mon Nov 23 10:49:41 2020
  InstallationDate: Installed on 2015-05-08 (2026 days ago)
  InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
  ProcEnviron:
   TERM=xterm-256color
   PATH=(custom, no user)
   LANG=pl_PL.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: Upgraded to bionic on 2018-08-26 (819 days ago)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux-meta/+bug/1905261/+subscriptions


-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to