From owner-cvs-src@FreeBSD.ORG  Thu Nov 17 19:36:24 2005
Return-Path: <owner-cvs-src@FreeBSD.ORG>
X-Original-To: cvs-src@FreeBSD.org
Delivered-To: cvs-src@FreeBSD.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id B026E16A41F;
	Thu, 17 Nov 2005 19:36:24 +0000 (GMT)
	(envelope-from rwatson@FreeBSD.org)
Received: from cyrus.watson.org (cyrus.watson.org [209.31.154.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6853143D46;
	Thu, 17 Nov 2005 19:36:24 +0000 (GMT)
	(envelope-from rwatson@FreeBSD.org)
Received: from fledge.watson.org (fledge.watson.org [209.31.154.41])
	by cyrus.watson.org (Postfix) with ESMTP id 1C56846BC6;
	Thu, 17 Nov 2005 14:36:24 -0500 (EST)
Date: Thu, 17 Nov 2005 19:36:24 +0000 (GMT)
From: Robert Watson <rwatson@FreeBSD.org>
X-X-Sender: robert@fledge.watson.org
To: John-Mark Gurney <gurney_j@resnet.uoregon.edu>
In-Reply-To: <20051117181156.GA885@funkthat.com>
Message-ID: <20051117193537.C1109@fledge.watson.org>
References: <200511171219.jAHCJJw6079767@repoman.freebsd.org>
	<20051117181156.GA885@funkthat.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org,
	Hartmut Brandt <harti@FreeBSD.org>, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/rpc.lockd kern.c
X-BeenThere: cvs-src@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the src tree <cvs-src.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-src>
List-Post: <mailto:cvs-src@freebsd.org>
List-Help: <mailto:cvs-src-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-src>,
	<mailto:cvs-src-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Nov 2005 19:36:24 -0000


On Thu, 17 Nov 2005, John-Mark Gurney wrote:

> Hartmut Brandt wrote this message on Thu, Nov 17, 2005 at 12:19 +0000:
>> harti       2005-11-17 12:19:19 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     usr.sbin/rpc.lockd   kern.c
>>   Log:
>>   When a user is in more than 16 groups the call to authunix_create() will
>>   result in abort() beeing called. This is because there is a limit of
>>   the number of groups in the RPC which is 16. When the actual number of
>>   groups is too large it results in xdr_array() returning an error which,
>>   in turn, authunix_create() handles by just calling abort().
>>
>>   Fix this by passing only the first 16 groups to authunix_create().
>
> Can't this cause problems with files that have a mode of 0604?  Since 
> normally the user would be unable to read it, but if the group gets 
> dropped, then he is now able to access or lock the file?  I don't know 
> what the groups are used, but silently dropping groups sounds bad to 
> me...

Yes, but it's not at all clear what one is to do about it, other than to 
document that if you change the max groups constant and use groups above 
the max supported by that RPC auth type, you will have problems.

Robert N M Watson