On Tue, 2009-12-22 at 21:26 +0100, Casper.Dik at Sun.COM wrote:
>
> >Right, and I think you may also have discovered libnsl's use of socket
> >ioctls to get local address information while processing name lookup
> >calls. It does that because nscd's address lists are unsorted, and
> >getaddrinfo() and friends return a sorted address list using an
> >algorithm that uses the local address list as input (this was introduced
> >by PSARC 2002/390). That said, given that applications without the
> >proposed privilege won't be able to communicate with the returned
> >addresses, their sort order is quite meaningless. In that case,
> >ignoring the failed socket() call and returning the unsorted address
> >list directly from nscd would likely be the right thing to do.
>
> I indeed discovered this; I do prefer fixing that, though, because I prefer
> this:
>
>     finger @localhost
>     [localhost] socket: Permission denied
>
> to this:
>     finger @localhost
>     unknown host: localhost

Indeed.

>
> So why is nscd not sorting the addresses?

I stand corrected, nscd does keep a sorted list (I should remember these
things, it's only been 10 years). ;-) I believe the issue is that
getipnodebyname() could potentially obtain separate IPv4 and IPv6 results
after having done two separate calls to nscd (one for NSS_HOST and another
for NSS_HOST6), and it then needs to sort the resulting merged set of
addresses.

The libnsl/nscd interactions could stand to be simplified so that the
sorting only ever needs to be done by nscd, but we're straying a bit from
relevancy as far as this case is concerned.

-Seb
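
Added example (not from the original thread and not libnsl code): the fallback discussed above, where address ordering is skipped instead of failing the lookup when the local address list cannot be read. The names `order_addresses`, `local_addrs_fn`, `local_denied` and `local_lan` are hypothetical, and a simple IPv4 longest-common-prefix ordering stands in for the real sorting algorithm.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical hook standing in for the socket()+ioctl local-address query.
 * Returns the number of local addresses written, or -1 with errno set. */
typedef int (*local_addrs_fn)(uint32_t *out, size_t max);

/* Number of leading bits two IPv4 addresses (host order) share. */
static int common_prefix(uint32_t a, uint32_t b) {
    uint32_t x = a ^ b;
    int n = 0;
    while (n < 32 && !(x & 0x80000000u)) { x <<= 1; n++; }
    return n;
}

/* Longest prefix an address shares with any local address. */
static int best_match(uint32_t addr, const uint32_t *local, int nlocal) {
    int best = 0;
    for (int i = 0; i < nlocal; i++) {
        int p = common_prefix(addr, local[i]);
        if (p > best) best = p;
    }
    return best;
}

/* Orders addrs in place, closest match to a local address first.
 * Returns 1 if sorted, 0 if the local list was unavailable and the
 * name service order was kept. The lookup itself never fails here. */
int order_addresses(uint32_t *addrs, size_t n, local_addrs_fn get_local) {
    uint32_t local[16];
    int nlocal = get_local(local, 16);
    if (nlocal <= 0)
        return 0;               /* e.g. EACCES from socket(): keep order */
    for (size_t i = 1; i < n; i++) {        /* stable insertion sort */
        uint32_t cur = addrs[i];
        int score = best_match(cur, local, nlocal);
        size_t j = i;
        while (j > 0 && best_match(addrs[j - 1], local, nlocal) < score) {
            addrs[j] = addrs[j - 1]; j--;
        }
        addrs[j] = cur;
    }
    return 1;
}

/* Constructed providers: one denied (no network privilege), one with 192.168.1.5. */
static int local_denied(uint32_t *o, size_t m) { (void)o; (void)m; errno = EACCES; return -1; }
static int local_lan(uint32_t *o, size_t m) { if (m < 1) return 0; o[0] = 0xC0A80105u; return 1; }
```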