Public bug reported:

My /etc/hosts contains the entry

192.109.102.54 mac.urlichs.noris.de

My /etc/nsswitch.conf contains the entry

hosts: files dns

I would expect that starting nscd, or not, would not have any effect
except performance. This log clearly shows otherwise.

The security implication is that entries in /etc/hosts may be necessary
to override information in the DNS which the local admin assumes (or,
worse, knows) to be unreliable and/or wrong. If these host names are
also used in ACLs, ignoring /etc/hosts may thus allow access from hosts
which ordinarily would be forbidden.

# /etc/init.d/nscd stop
Stopping Name Service Cache Daemon: nscd.
# ping -c1 mac.urlichs.noris.de
PING mac.urlichs.noris.de (192.109.102.54) 56(84) bytes of data.
64 bytes from mac.urlichs.noris.de (192.109.102.54): icmp_seq=1 ttl=64 time=0.418 ms

--- mac.urlichs.noris.de ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.418/0.418/0.418/0.000 ms
# /etc/init.d/nscd start
Starting Name Service Cache Daemon: nscd.
# ping -c1 mac.urlichs.noris.de
PING mac.urlichs.noris.de (213.95.17.43) 56(84) bytes of data.

--- mac.urlichs.noris.de ping statistics ---
0 packets transmitted, 0 received

# /etc/init.d/nscd stop
Stopping Name Service Cache Daemon: nscd.
# ping -c1 mac.urlichs.noris.de
PING mac.urlichs.noris.de (192.109.102.54) 56(84) bytes of data.
64 bytes from mac.urlichs.noris.de (192.109.102.54): icmp_seq=1 ttl=64 time=0.396 ms

--- mac.urlichs.noris.de ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.396/0.396/0.396/0.000 ms

** Affects: glibc (Ubuntu)
     Importance: Untriaged
         Status: Unconfirmed

** Visibility changed to: Public

-- 
nscd ignores /etc/hosts
https://launchpad.net/bugs/62020

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
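
An added example, not part of the original report and not code from glibc or nscd: a shell check that compares each IPv4 entry in a hosts file with the answer from the system resolver (getent ahostsv4, which goes through NSS and through nscd when it is running) and reports every name where the two diverge, as in the log above. The function names, the stub resolver and the demo data are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: detect names whose resolver answer differs from /etc/hosts.

# Print "name ip" for every IPv4 entry (canonical name and aliases).
# Comments are stripped; the first entry seen for a name is kept.
hosts_pairs() {
    sed 's/#.*//' "$1" | awk '
        NF >= 2 && $1 ~ /^[0-9.]+$/ {
            for (i = 2; i <= NF; i++) if (!seen[$i]++) print $i, $1
        }'
}

# check_hosts_override HOSTS_FILE [RESOLVER_CMD...]
# RESOLVER_CMD is called with one name and must print the address as the
# first field of its first output line. Default: getent ahostsv4.
# Prints one MISMATCH line per diverging name; returns 1 if any diverge.
check_hosts_override() {
    hosts_file=$1; shift
    [ $# -gt 0 ] || set -- getent ahostsv4
    rc=0
    pairs=$(hosts_pairs "$hosts_file")
    while read -r name expected; do
        [ -n "$name" ] || continue
        got=$("$@" "$name" 2>/dev/null | awk 'NR == 1 { print $1 }')
        if [ "$got" != "$expected" ]; then
            echo "MISMATCH $name hosts=$expected resolver=${got:-none}"
            rc=1
        fi
    done <<EOF
$pairs
EOF
    return $rc
}

# Constructed demo: the hosts entry from the report, checked against a stub
# resolver that answers with the DNS address seen while nscd was running.
stub_dns() { echo "213.95.17.43 STREAM $1"; }
demo() {
    f=$(mktemp) || return 2
    echo '192.109.102.54 mac.urlichs.noris.de' > "$f"
    check_hosts_override "$f" stub_dns; r=$?
    rm -f "$f"
    return $r
}
```

On a live system, run check_hosts_override /etc/hosts once with nscd stopped and once with it started; any MISMATCH line in only one of the two runs points at the cache daemon rather than at the hosts file.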