Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 1 Aug 2015 15:36:29 +0200
From:      Jilles Tjoelker <jilles@stack.nl>
To:        Bruce Evans <brde@optusnet.com.au>
Cc:        Baptiste Daroussin <bapt@freebsd.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r285985 - in head/usr.sbin/pw: . tests
Message-ID:  <20150801133629.GA94932@stack.nl>
In-Reply-To: <20150729080932.S5059@besplex.bde.org>
References:  <201507282110.t6SLAx0k035167@repo.freebsd.org> <20150729080932.S5059@besplex.bde.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 29, 2015 at 08:52:52AM +1000, Bruce Evans wrote:
> On Tue, 28 Jul 2015, Baptiste Daroussin wrote:
> > Added: head/usr.sbin/pw/tests/pw_groupadd.sh
> > ==============================================================================
> > --- /dev/null	00:00:00 1970	(empty, because file is newly added)
> > +++ head/usr.sbin/pw/tests/pw_groupadd.sh	Tue Jul 28 21:10:58 2015	(r285985)
> > @@ -0,0 +1,15 @@
> > +# $FreeBSD$
> > +
> > +# Import helper functions
> > +. $(atf_get_srcdir)/helper_functions.shin
> > +
> > +atf_test_case group_add_gid_too_large
> > +group_add_gid_too_large_body() {
> > +	populate_etc_skel
> > +	atf_check -s exit:64 -e inline:"pw: Bad id '9999999999999': too large\n" \
> > +		${PW} groupadd -n test1 -g 9999999999999
> > +}

> Check for large valid ids on i386 (should succeed, but currently fail),
> negative ids (require failure), magic ids like (uid_t)-1 and (uid_t)-2
> (should fail, but currently succeed on amd64), and the hex ids (should
> succeed, but currently fail).  (uid_t)-1 is special for some syscalls,
> so shouldn't be permitted for users.  (uid_t)-2 special for nfs (see
> exports(5)).  The magic ids are hard to spell without using hex, but
> pw is too broken to accept that.  For 32-bit ids, the above number
> should be replaced by 0x100000000 when pw supports hex.  Also check
> that 0xffffffff and 0xfffffffe are not too large, but reserved, and
> that 0xfffffffd is not too large and not reserved.

These values are easily written using arithmetic expansion, for example
largeid=$((0x100000000)).

When using strtol() or similar functions, accepting hex typically
implies accepting octal as well, which causes confusing and
POSIX-violating results like 010 interpreted as eight.

-- 
Jilles Tjoelker



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150801133629.GA94932>