[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4750) libldap initialization of ~/.ldaprc and setuid

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4750) libldap initialization of ~/.ldaprc and setuid
From: quanah@stanford.edu
Date: Tue, 14 Nov 2006 05:35:41 GMT

--On Tuesday, November 14, 2006 5:06 AM +0000 Kurt@OpenLDAP.org wrote:

> I note that nss/pam-ldap setting NOINIT (or otherwise mucking
> with libldap options) might break LDAP-enabled programs.  But
> that's another matter.
>
> Anyways, I think the only good fix (for this and many other
> larger problems) is a library redesign/rewrite.

Okay.

I note I don't find any mention of NOINIT in the nss_ldap or pam_ldap 
source, maybe it was removed at some point?  I'm looking at the latest code 
from PADL.

Unless you mean patching nss_ldap/pam_ldap to set "LDAPNOINIT" in the 
environment?  Which has other problems.

>From the source of libldap:

init.c: if( getenv("LDAPNOINIT") != NULL ) {

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITS/Shared Application Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Prev by Date: Re: (ITS#4750) libldap initialization of ~/.ldaprc and setuid
Next by Date: (ITS#4751) back-perl crashing with anonymous search request
Index(es):
- Chronological
- Thread