Russ Allbery wrote:
> I assume from the ldap.conf documentation that if tls_cacertfile is set, tls_cacertdir is irrelevant? Or are both explored for a root cert to validate the remote server?

Both will get used.

> I think that if both the NSS and PAM modules deal with those variables, that removes most of my concern. I'd still feel generally better with a safety net in the library for setuid processes on the principle of defense in depth and because safely using the LDAP library in such a situation requires thinking more about configuration initialization than I think some users may realize, but I'll freely admit that my concern at that point is theoretical.
I'm not totally convinced yet, will think about it. The patch would have to be #ifdef'd (HAVE_GETEUID or something) since it would not be relevant on Windows and some other obscure platforms.
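
A sketch of the kind of setuid safety net discussed in this thread, added here as an illustration; it is not the patch under discussion and not the library's code. It assumes "those variables" are environment overrides, and the helper names and the `EXAMPLE_TLS_CACERTFILE` variable are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define HAVE_GETEUID 1 /* assumption: normally defined by the build system */

/* Pure decision: caller-controlled configuration is honoured only when the
 * real and effective ids match, i.e. the process is not setuid/setgid. */
int ids_allow_user_config(uid_t ruid, uid_t euid, gid_t rgid, gid_t egid)
{
    return ruid == euid && rgid == egid;
}

/* Platform wrapper, guarded the way the reply suggests. */
int user_config_allowed(void)
{
#ifdef HAVE_GETEUID
    return ids_allow_user_config(getuid(), geteuid(), getgid(), getegid());
#else
    return 1; /* no setuid concept on this platform */
#endif
}

/* Resolve one setting: an environment override wins only when allowed,
 * otherwise the value from the system-wide configuration is used. */
const char *resolve_setting(const char *env_name, const char *system_value,
                            int allow_user)
{
    const char *v = allow_user ? getenv(env_name) : NULL;
    return (v != NULL && *v != '\0') ? v : system_value;
}

int main(void)
{
    /* Constructed sample values. */
    setenv("EXAMPLE_TLS_CACERTFILE", "/tmp/user-ca.pem", 1);
    printf("CA file in use: %s\n",
           resolve_setting("EXAMPLE_TLS_CACERTFILE", "/etc/ssl/ca.pem",
                           user_config_allowed()));
    return 0;
}
```

Checking the group ids as well as the user ids covers setgid binaries, which face the same problem.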