Ceri Davies wrote:
> I'd like to request a sponsor for bug 6339753, allowing nsswitch files
> backends to use comments.
> The fix is seemingly trivial but I particularly want guidance on whether
> comments should only be allowed when they begin a new line, in order to
> avoid breaking existing databases.
I think this is quite a big issue.
There is no defined comment char for some of these databases, including
/etc/passwd and /etc/shadow. "Fixing" this effectively introduces a
comment char. On the other hand for databases like user_attr(4),
exec_attr(4), prof_attr(4) there is a defined comment char (and it is '#').
Simply allowing this via nsswitch is only part of the issue, what
happens to all the tools that modify all the files backend nsswitch
databases ? What should they do with comments ?
I think this needs further discussion somewhere other than
request-sponsor. Since this is mostly nameservices related I think the
best alias is sparks-discuss@ however I also suspect that many of the
security-discuss@ subscribers would be interested in this too.
Darren J Moffat