Date: Mon, 3 Sep 2001 19:24:49 +0300 From: Ruslan Ermilov <ru@FreeBSD.org> To: Warner Losh <imp@FreeBSD.org>, Bruce Evans <bde@FreeBSD.org>, Kris Kennaway <kris@FreeBSD.org>, Mark Murray <markm@FreeBSD.org> Cc: audit@FreeBSD.org Subject: wall -g is broken Message-ID: <20010903192449.B29616@sunbay.com>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
Hi!
As the subject line says, ``wall -g'' appears to be broken.
I feel somewhat confused, as the original list of reviewers
looks quite amazing: imp, bde, kris, markm, audit@.
The use of the getgroups(3) function is unproven since:
1) Its first argument should specify the array size, and
is of type `int', not `gid_t'.
2) The code gives false matches and does not produce the
required matches. Instead of checking the membership
of each line's owner in the -g list of groups, the
code gives a match if at least one of the -g groups
matches those of the process's groups, as returned
by getgroups(). Thus,
wall -g `id -gn`
will match the entire ttys(5).
The attached patch fixes this.
Please _REALLY_ review this now!
<PS>
This bug was obtained from OpenBSD, but without mentioning
this in the commit log's ``Obtained from: '' field. The
bug is still present in OpenBSD.
</PS>
Thanks,
--
Ruslan Ermilov Oracle Developer/DBA,
ru@sunbay.com Sunbay Software AG,
ru@FreeBSD.org FreeBSD committer,
+380.652.512.251 Simferopol, Ukraine
http://www.FreeBSD.org The Power To Serve
http://www.oracle.com Enabling The Information Age
[-- Attachment #2 --]
Index: wall.c
===================================================================
RCS file: /home/ncvs/src/usr.bin/wall/wall.c,v
retrieving revision 1.19
diff -u -p -r1.19 wall.c
--- wall.c 2001/05/08 11:11:42 1.19
+++ wall.c 2001/09/03 16:19:54
@@ -87,18 +87,16 @@ main(int argc, char *argv[])
{
struct iovec iov;
struct utmp utmp;
- gid_t grps[NGROUPS_MAX];
int ch;
- int ingroup, ngrps, i;
+ int ingroup;
FILE *fp;
struct wallgroup *g;
struct group *grp;
- char *p;
+ char *p, **np;
struct passwd *pw;
char line[sizeof(utmp.ut_line) + 1];
char username[sizeof(utmp.ut_name) + 1];
- ingroup = 0;
(void)setlocale(LC_CTYPE, "");
while ((ch = getopt(argc, argv, "g:n")) != -1)
@@ -144,19 +142,24 @@ main(int argc, char *argv[])
!strncmp(utmp.ut_name, IGNOREUSER, sizeof(utmp.ut_name)))
continue;
if (grouplist) {
+ ingroup = 0;
strlcpy(username, utmp.ut_name, sizeof(utmp.ut_name));
pw = getpwnam(username);
if (!pw)
continue;
- ngrps = getgroups(pw->pw_gid, grps);
for (g = grouplist; g && ingroup == 0; g = g->next) {
if (g->gid == -1)
continue;
if (g->gid == pw->pw_gid)
ingroup = 1;
- for (i = 0; i < ngrps && ingroup == 0; i++)
- if (g->gid == grps[i])
- ingroup = 1;
+ else if ((grp = getgrgid(g->gid)) != NULL) {
+ for (np = grp->gr_mem; *np; np++) {
+ if (strcmp(*np, username) == 0) {
+ ingroup = 1;
+ break;
+ }
+ }
+ }
}
if (ingroup == 0)
continue;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010903192449.B29616>