From owner-freebsd-current Tue Nov 20 5: 6:54 2001 Delivered-To: freebsd-current@freebsd.org Received: from whale.sunbay.crimea.ua (whale.sunbay.crimea.ua [212.110.138.65]) by hub.freebsd.org (Postfix) with ESMTP id BD04337B425; Tue, 20 Nov 2001 05:06:19 -0800 (PST) Received: (from ru@localhost) by whale.sunbay.crimea.ua (8.11.6/8.11.2) id fAKD2eM23065; Tue, 20 Nov 2001 15:02:40 +0200 (EET) (envelope-from ru) Date: Tue, 20 Nov 2001 15:02:39 +0200 From: Ruslan Ermilov To: Max Khon , Anton Berezin Cc: current@FreeBSD.org Subject: Re: misc/15421 (was: Re: initgroups) Message-ID: <20011120150239.D7645@sunbay.com> References: <20011114021956.B10325@iclub.nsu.ru> <3BF19EA9.3FC5F040@mindspring.com> <20011119181949.R32927@sunbay.com> <20011119222854.B38492@iclub.nsu.ru> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20011119222854.B38492@iclub.nsu.ru> User-Agent: Mutt/1.3.23i Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Mon, Nov 19, 2001 at 10:28:55PM +0600, Max Khon wrote: > hi, there! > > On Mon, Nov 19, 2001 at 06:19:50PM +0200, Ruslan Ermilov wrote: > > > > Can setgroups return a positive number? If so, you've just changed > > > the semantics of the funtion; before, it used to return 0 on 0 or a > > > positive number. > > > > > No. setgroups() is a syscall, and as such returns either 0 or -1. > > > > > Also, is removing the _warn() really the only thing you want to > > > accomplish? It should probably be seperate. > > > > > I have intended to commit the below patch for almost a year now, > > just haven't had enough time to actually fo it. NetBSD runs with > > this fix since 1999. > > > > Index: initgroups.c > > =================================================================== > > RCS file: /home/ncvs/src/lib/libc/gen/initgroups.c,v > > retrieving revision 1.4 > > diff -u -p -r1.4 initgroups.c > > --- initgroups.c 2001/08/29 13:52:26 1.4 > > +++ initgroups.c 2001/11/19 16:16:11 > > @@ -56,12 +56,6 @@ initgroups(uname, agroup) > > int groups[NGROUPS], ngroups; > > > > ngroups = NGROUPS; > > - if (getgrouplist(uname, agroup, groups, &ngroups) < 0) > > - warnx("%s is in too many groups, using first %d", > > - uname, ngroups); > > - if (setgroups(ngroups, groups) < 0) { > > - _warn("setgroups"); > > - return (-1); > > - } > > - return (0); > > + getgrouplist(uname, agroup, groups, &ngroups); > > + return (setgroups(ngroups, groups); There's a missing closing parenthesis above, sorry. > > Index: initgroups.3 [...] > I asked tobez (he is an originator and he took responsibility on this PR) > and he said that src/ must be audited also -- he said that some initgroups() > callers do not print error message because initgroups() did this > previously. > > I'll try to do this before this weekend and I will post combined patch > to audit@ > While this is indeed a good thing to do, this is completely unrelated to the above mentioned problem, and should be done separately. Here's the list of src/ files that do not check the return value of initgroups(3), and may need to be fixed, but some of them explicitly ignore the result to indicate the fact they consider this error non-fatal. libexec/ftpd/ftpd.c libexec/rexecd/rexecd.c usr.bin/calendar/calendar.c usr.sbin/inetd/inetd.c Cheers, -- Ruslan Ermilov Oracle Developer/DBA, ru@sunbay.com Sunbay Software AG, ru@FreeBSD.org FreeBSD committer, +380.652.512.251 Simferopol, Ukraine http://www.FreeBSD.org The Power To Serve http://www.oracle.com Enabling The Information Age To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message