Date: Mon, 19 Nov 2001 22:28:55 +0600 From: Max Khon <fjoe@iclub.nsu.ru> To: Ruslan Ermilov <ru@FreeBSD.ORG> Cc: Terry Lambert <tlambert2@mindspring.com>, current@FreeBSD.ORG, tobez@FreeBSD.ORG Subject: Re: misc/15421 (was: Re: initgroups) Message-ID: <20011119222854.B38492@iclub.nsu.ru> In-Reply-To: <20011119181949.R32927@sunbay.com>; from ru@FreeBSD.ORG on Mon, Nov 19, 2001 at 06:19:50PM %2B0200 References: <20011114021956.B10325@iclub.nsu.ru> <3BF19EA9.3FC5F040@mindspring.com> <20011119181949.R32927@sunbay.com>
next in thread | previous in thread | raw e-mail | index | archive | help
hi, there! On Mon, Nov 19, 2001 at 06:19:50PM +0200, Ruslan Ermilov wrote: > > Can setgroups return a positive number? If so, you've just changed > > the semantics of the funtion; before, it used to return 0 on 0 or a > > positive number. > > > No. setgroups() is a syscall, and as such returns either 0 or -1. > > > Also, is removing the _warn() really the only thing you want to > > accomplish? It should probably be seperate. > > > I have intended to commit the below patch for almost a year now, > just haven't had enough time to actually fo it. NetBSD runs with > this fix since 1999. > > Index: initgroups.c > =================================================================== > RCS file: /home/ncvs/src/lib/libc/gen/initgroups.c,v > retrieving revision 1.4 > diff -u -p -r1.4 initgroups.c > --- initgroups.c 2001/08/29 13:52:26 1.4 > +++ initgroups.c 2001/11/19 16:16:11 > @@ -56,12 +56,6 @@ initgroups(uname, agroup) > int groups[NGROUPS], ngroups; > > ngroups = NGROUPS; > - if (getgrouplist(uname, agroup, groups, &ngroups) < 0) > - warnx("%s is in too many groups, using first %d", > - uname, ngroups); > - if (setgroups(ngroups, groups) < 0) { > - _warn("setgroups"); > - return (-1); > - } > - return (0); > + getgrouplist(uname, agroup, groups, &ngroups); > + return (setgroups(ngroups, groups); > } > Index: initgroups.3 > =================================================================== > RCS file: /home/ncvs/src/lib/libc/gen/initgroups.3,v > retrieving revision 1.10 > diff -u -p -r1.10 initgroups.3 > --- initgroups.3 2001/10/01 16:08:51 1.10 > +++ initgroups.3 2001/11/19 16:16:11 > @@ -61,10 +61,14 @@ is automatically included in the groups > Typically this value is given as > the group number from the password file. > .Sh RETURN VALUES > +.Rv -std initgroups > +.Sh ERRORS > The > .Fn initgroups > -function > -returns \-1 if it was not invoked by the super-user. > +function may fail and set > +.Va errno > +for any of the errors specified for the library function > +.Xr setgroups 2 . > .Sh SEE ALSO > .Xr setgroups 2 , > .Xr getgrouplist 3 ok I asked tobez (he is an originator and he took responsibility on this PR) and he said that src/ must be audited also -- he said that some initgroups() callers do not print error message because initgroups() did this previously. I'll try to do this before this weekend and I will post combined patch to audit@ /fjoe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011119222854.B38492>