Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 19 Nov 2001 22:28:55 +0600
From:      Max Khon <fjoe@iclub.nsu.ru>
To:        Ruslan Ermilov <ru@FreeBSD.ORG>
Cc:        Terry Lambert <tlambert2@mindspring.com>, current@FreeBSD.ORG, tobez@FreeBSD.ORG
Subject:   Re: misc/15421 (was: Re: initgroups)
Message-ID:  <20011119222854.B38492@iclub.nsu.ru>
In-Reply-To: <20011119181949.R32927@sunbay.com>; from ru@FreeBSD.ORG on Mon, Nov 19, 2001 at 06:19:50PM %2B0200
References:  <20011114021956.B10325@iclub.nsu.ru> <3BF19EA9.3FC5F040@mindspring.com> <20011119181949.R32927@sunbay.com>

next in thread | previous in thread | raw e-mail | index | archive | help
hi, there!

On Mon, Nov 19, 2001 at 06:19:50PM +0200, Ruslan Ermilov wrote:

> > Can setgroups return a positive number?  If so, you've just changed
> > the semantics of the funtion; before, it used to return 0 on 0 or a
> > positive number.
> > 
> No.  setgroups() is a syscall, and as such returns either 0 or -1.
> 
> > Also, is removing the _warn() really the only thing you want to
> > accomplish?  It should probably be seperate.
> > 
> I have intended to commit the below patch for almost a year now,
> just haven't had enough time to actually fo it.  NetBSD runs with
> this fix since 1999.
> 
> Index: initgroups.c
> ===================================================================
> RCS file: /home/ncvs/src/lib/libc/gen/initgroups.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 initgroups.c
> --- initgroups.c	2001/08/29 13:52:26	1.4
> +++ initgroups.c	2001/11/19 16:16:11
> @@ -56,12 +56,6 @@ initgroups(uname, agroup)
>  	int groups[NGROUPS], ngroups;
>  
>  	ngroups = NGROUPS;
> -	if (getgrouplist(uname, agroup, groups, &ngroups) < 0)
> -		warnx("%s is in too many groups, using first %d",
> -		    uname, ngroups);
> -	if (setgroups(ngroups, groups) < 0) {
> -		_warn("setgroups");
> -		return (-1);
> -	}
> -	return (0);
> +	getgrouplist(uname, agroup, groups, &ngroups);
> +	return (setgroups(ngroups, groups);
>  }
> Index: initgroups.3
> ===================================================================
> RCS file: /home/ncvs/src/lib/libc/gen/initgroups.3,v
> retrieving revision 1.10
> diff -u -p -r1.10 initgroups.3
> --- initgroups.3	2001/10/01 16:08:51	1.10
> +++ initgroups.3	2001/11/19 16:16:11
> @@ -61,10 +61,14 @@ is automatically included in the groups 
>  Typically this value is given as
>  the group number from the password file.
>  .Sh RETURN VALUES
> +.Rv -std initgroups
> +.Sh ERRORS
>  The
>  .Fn initgroups
> -function
> -returns \-1 if it was not invoked by the super-user.
> +function may fail and set
> +.Va errno
> +for any of the errors specified for the library function
> +.Xr setgroups 2 .
>  .Sh SEE ALSO
>  .Xr setgroups 2 ,
>  .Xr getgrouplist 3

ok

I asked tobez (he is an originator and he took responsibility on this PR)
and he said that src/ must be audited also -- he said that some initgroups()
callers do not print error message because initgroups() did this
previously.

I'll try to do this before this weekend and I will post combined patch
to audit@

/fjoe

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011119222854.B38492>