Date: Mon, 19 Nov 2001 22:28:55 +0600 From: Max Khon <fjoe@iclub.nsu.ru> To: Ruslan Ermilov <ru@FreeBSD.ORG> Cc: Terry Lambert <tlambert2@mindspring.com>, current@FreeBSD.ORG, tobez@FreeBSD.ORG Subject: Re: misc/15421 (was: Re: initgroups) Message-ID: <20011119222854.B38492@iclub.nsu.ru> In-Reply-To: <20011119181949.R32927@sunbay.com>; from ru@FreeBSD.ORG on Mon, Nov 19, 2001 at 06:19:50PM %2B0200 References: <20011114021956.B10325@iclub.nsu.ru> <3BF19EA9.3FC5F040@mindspring.com> <20011119181949.R32927@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
hi, there!
On Mon, Nov 19, 2001 at 06:19:50PM +0200, Ruslan Ermilov wrote:
> > Can setgroups return a positive number? If so, you've just changed
> > the semantics of the funtion; before, it used to return 0 on 0 or a
> > positive number.
> >
> No. setgroups() is a syscall, and as such returns either 0 or -1.
>
> > Also, is removing the _warn() really the only thing you want to
> > accomplish? It should probably be seperate.
> >
> I have intended to commit the below patch for almost a year now,
> just haven't had enough time to actually fo it. NetBSD runs with
> this fix since 1999.
>
> Index: initgroups.c
> ===================================================================
> RCS file: /home/ncvs/src/lib/libc/gen/initgroups.c,v
> retrieving revision 1.4
> diff -u -p -r1.4 initgroups.c
> --- initgroups.c 2001/08/29 13:52:26 1.4
> +++ initgroups.c 2001/11/19 16:16:11
> @@ -56,12 +56,6 @@ initgroups(uname, agroup)
> int groups[NGROUPS], ngroups;
>
> ngroups = NGROUPS;
> - if (getgrouplist(uname, agroup, groups, &ngroups) < 0)
> - warnx("%s is in too many groups, using first %d",
> - uname, ngroups);
> - if (setgroups(ngroups, groups) < 0) {
> - _warn("setgroups");
> - return (-1);
> - }
> - return (0);
> + getgrouplist(uname, agroup, groups, &ngroups);
> + return (setgroups(ngroups, groups);
> }
> Index: initgroups.3
> ===================================================================
> RCS file: /home/ncvs/src/lib/libc/gen/initgroups.3,v
> retrieving revision 1.10
> diff -u -p -r1.10 initgroups.3
> --- initgroups.3 2001/10/01 16:08:51 1.10
> +++ initgroups.3 2001/11/19 16:16:11
> @@ -61,10 +61,14 @@ is automatically included in the groups
> Typically this value is given as
> the group number from the password file.
> .Sh RETURN VALUES
> +.Rv -std initgroups
> +.Sh ERRORS
> The
> .Fn initgroups
> -function
> -returns \-1 if it was not invoked by the super-user.
> +function may fail and set
> +.Va errno
> +for any of the errors specified for the library function
> +.Xr setgroups 2 .
> .Sh SEE ALSO
> .Xr setgroups 2 ,
> .Xr getgrouplist 3
ok
I asked tobez (he is an originator and he took responsibility on this PR)
and he said that src/ must be audited also -- he said that some initgroups()
callers do not print error message because initgroups() did this
previously.
I'll try to do this before this weekend and I will post combined patch
to audit@
/fjoe
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011119222854.B38492>