Openssl ignores order from /etc/nsswitch.conf
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
linux-meta (Ubuntu) | Expired | Undecided | Unassigned | |
openssl (Ubuntu) | Expired | Undecided | Unassigned | |
Bug Description
I'm issuing a command like the one below:
openssl s_client -connect subdomain.
I have the following nsswitch.conf defined:
'''
$ cat /etc/nsswitch.conf
# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-
# `info libc "Name Service Switch"' for information about this file.
passwd: compat systemd
group: compat systemd
shadow: compat
hosts: files mdns4_minimal [NOTFOUND=return] resolve [!UNAVAIL=return] dns myhostname
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
'''
For host resolution, the /etc/hosts file should take precedence. But it doesn't work that way, and when I have some unresolvable name it tries to connect to DNS, ignoring the local hosts file. The order is clearly visible in strace:
'''
openat(AT_FDCWD, "/usr/lib/
openat(AT_FDCWD, "/usr/lib/
socket(AF_UNIX, SOCK_STREAM|
connect(5, {sa_family=AF_UNIX, sun_path=
close(5) = 0
socket(AF_UNIX, SOCK_STREAM|
connect(5, {sa_family=AF_UNIX, sun_path=
close(5) = 0
openat(AT_FDCWD, "/etc/nsswitch.
fstat(5, {st_mode=
read(5, "# /etc/nsswitch.
read(5, "", 4096) = 0
close(5) = 0
stat("/
openat(AT_FDCWD, "/etc/host.conf", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=
read(5, "# The \"order\" line is only used "..., 4096) = 93
read(5, "", 4096) = 0
close(5) = 0
futex(0x7f3d2d2
openat(AT_FDCWD, "/etc/resolv.conf", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=
read(5, "# Generated by NetworkManager\
read(5, "", 4096) = 0
close(5) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 5
fstat(5, {st_mode=
mmap(NULL, 335124, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f3d2de05000
close(5) = 0
access(
openat(AT_FDCWD, "/lib/x86_
read(5, "\177ELF\
fstat(5, {st_mode=
mmap(NULL, 2168632, PROT_READ|
mprotect(
mmap(0x7f3d2ccb
mmap(0x7f3d2ccb
close(5) = 0
mprotect(
munmap(
openat(AT_FDCWD, "/etc/hosts", O_RDONLY|O_CLOEXEC) = 5
'''
ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: openssl 1.1.1-1ubuntu2.
ProcVersionSign
Uname: Linux 4.15.0-124-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.9-0ubuntu7.20
Architecture: amd64
Date: Mon Nov 23 10:49:41 2020
InstallationDate: Installed on 2015-05-08 (2026 days ago)
InstallationMedia: Ubuntu 15.04 "Vivid Vervet" - Release amd64 (20150422)
ProcEnviron:
TERM=xterm-
PATH=(custom, no user)
LANG=pl_PL.UTF-8
SHELL=/bin/bash
SourcePackage: openssl
UpgradeStatus: Upgraded to bionic on 2018-08-26 (819 days ago)
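How glibc evaluates the `hosts:` line quoted in the report, as an added example (not part of the bug report and not glibc or OpenSSL code): it parses the service list with its bracketed actions and returns which services a lookup would consult, in order. The per-service statuses passed to `lookup_path` are constructed inputs, and treating a service missing from that map as `unavail` is an assumption of this sketch.

```python
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# glibc defaults: stop on success, otherwise try the next service.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

# The hosts line from the nsswitch.conf quoted in the report.
HOSTS_LINE = ("hosts: files mdns4_minimal [NOTFOUND=return] "
              "resolve [!UNAVAIL=return] dns myhostname")


def parse_hosts_line(line):
    """Return [(service, {status: action})] in lookup order."""
    database, _, spec = line.partition(":")
    if database.strip() != "hosts":
        raise ValueError("not a hosts entry")
    chain = []
    for service, bracket in re.findall(r"([^\s\[\]]+)|\[([^\]]*)\]", spec):
        if service:
            chain.append((service, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list before any service")
        # A bracketed list modifies the service written just before it.
        for item in bracket.split():
            status, _, action = item.lower().partition("=")
            negate = status.startswith("!")
            status = status.lstrip("!")
            if status not in STATUSES or not action:
                raise ValueError("bad action item: " + item)
            # "!UNAVAIL=return" applies to every status except unavail.
            targets = [s for s in STATUSES if s != status] if negate else [status]
            for target in targets:
                chain[-1][1][target] = action
    return chain


def lookup_path(chain, outcomes):
    """outcomes maps service -> status it reports (assumed 'unavail' if absent).
    Returns (services consulted in order, answering service or None)."""
    consulted = []
    for service, actions in chain:
        status = outcomes.get(service, "unavail")
        consulted.append(service)
        if actions[status] == "return":
            return consulted, (service if status == "success" else None)
    return consulted, None
```

On a live system, `getent ahosts <name>` goes through the same NSS chain and can be compared against the path this returns.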
Looks like the linux-meta task was added recently, was that intended? I'm not certain that this would be a kernel bug. Marking that part incomplete - additional info would help.