From owner-freebsd-stable  Tue Nov 13  9:50:18 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from D00015.dialonly.kemerovo.su (www2.svzserv.kemerovo.su [213.184.65.86])
	by hub.freebsd.org (Postfix) with ESMTP id 9715037B405
	for <stable@freebsd.org>; Tue, 13 Nov 2001 09:50:09 -0800 (PST)
Received: (from eugen@localhost)
	by D00015.dialonly.kemerovo.su (8.11.6/8.11.4) id fADHn7s03690
	for stable@freebsd.org; Wed, 14 Nov 2001 00:49:07 +0700 (KRAT)
	(envelope-from eugen)
Date: Wed, 14 Nov 2001 00:49:07 +0700
From: Eugene Grosbein <eugen@grosbein.pp.ru>
To: stable@freebsd.org
Subject: src/lib/libc/gen/initgroups.c: warn() breaks CVS protocol
Message-ID: <20011114004907.D864@grosbein.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-stable.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-stable>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-stable>
X-Loop: FreeBSD.ORG

Hi!

I'm trying to setup local anonymous read-only CVS pserver for my mirror 
of FreeBSD CVS Repository. The Repo is owned by root.
My system is 4.4-STABLE and I use stock cvs for 'cvs pserver -R'.

I do not want cvs be allowed to write to the Repo or read /etc/master.passwd
so I setup CVSROOT/passwd, CVSROOT/readers, CVSROOT/writers and I
run cvspserver from inetd as non-root user 'anoncvs'. My CVSROOT/passwd file
contains one line:

anoncvs:hashed_password:anoncvs

'cvs login' works fine, but 'cvs checkout' does not.

cvs(1) tries to call initgroups(3) and does not complain if it returns EPERM
(see src/contrib/cvs/src/server.c, line 5286). But initgroups()
uses warn(3) to note setgroups(2) failure. That breaks CVS protocol
and client obtains this message:

$ cvs checkout -r ppp_2_3_5 src/usr.sbin/pppd
cvs [checkout aborted]: unrecognized auth response from my.anoncvs.host: cvs: 
setgroups: Operation not permitted

I cannot run cvspserver as root because it does not use /etc/login.conf
restrictions then. Using inetd is a perfect way to limit resource
usage for cvs but this bug (or feature) of libc breaks protocol.

So, the question is: will this be fixed?
What if I just comment out that warn() in src/lib/libc/gen/initgroups.c?

Eugene Grosbein

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message