Date: Thu, 17 Nov 2005 10:11:56 -0800 From: John-Mark Gurney <gurney_j@resnet.uoregon.edu> To: Hartmut Brandt <harti@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/rpc.lockd kern.c Message-ID: <20051117181156.GA885@funkthat.com> In-Reply-To: <200511171219.jAHCJJw6079767@repoman.freebsd.org> References: <200511171219.jAHCJJw6079767@repoman.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hartmut Brandt wrote this message on Thu, Nov 17, 2005 at 12:19 +0000:
> harti 2005-11-17 12:19:19 UTC
>
> FreeBSD src repository
>
> Modified files:
> usr.sbin/rpc.lockd kern.c
> Log:
> When a user is in more than 16 groups the call to authunix_create() will
> result in abort() beeing called. This is because there is a limit of
> the number of groups in the RPC which is 16. When the actual number of
> groups is too large it results in xdr_array() returning an error which,
> in turn, authunix_create() handles by just calling abort().
>
> Fix this by passing only the first 16 groups to authunix_create().
Can't this cause problems with files that have a mode of 0604? Since
normally the user would be unable to read it, but if the group gets
dropped, then he is now able to access or lock the file? I don't know
what the groups are used, but silently dropping groups sounds bad to
me...
--
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051117181156.GA885>