Ceri Davies wrote:
> I'd like to request a sponsor for bug 6339753, allowing nsswitch files
> backends to use comments.
> The fix is seemingly trivial but I particularly want guidance on whether
> comments should only be allowed when they begin a new line, in order to
> avoid breaking existing databases.

I think this is quite a big issue.

There is no defined comment char for some of these databases, including 
/etc/passwd and /etc/shadow.  "Fixing" this effectively introduces a 
comment char.  On the other hand for databases like user_attr(4), 
exec_attr(4), prof_attr(4) there is a defined comment char (and it is '#').

Simply allowing this via nsswitch is only part of the issue, what 
happens to all the tools that modify all the files backend nsswitch 
databases ?  What should they do with comments ?

I think this needs further discussion somewhere other than 
request-sponsor.  Since this is mostly nameservices related I think the 
best alias is sparks-discuss@  however I also suspect that many of the 
security-discuss@ subscribers would be interested in this too.

Darren J Moffat

Reply via email to