Date: Fri, 20 Jul 2001 00:27:03 -0400 From: Garance A Drosihn <drosih@rpi.edu> To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> Cc: freebsd-stable@FreeBSD.ORG Subject: Re: initgroups unsolicited warning? Message-ID: <p05101011b77d5fb73500@[128.113.24.47]> In-Reply-To: <3B57AD39.94E6567D@vangelderen.org> References: <3B5713AB.79322FDA@vangelderen.org> <20010719234413.A64433@heechee.tobez.org> <20010720001429.A65236@heechee.tobez.org> <3B57AD39.94E6567D@vangelderen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
At 12:02 AM -0400 7/20/01, Jeroen C. van Gelderen wrote: >If all this sounds sensible I'd propose the following: > >1. We fix those applications where initgroups is the only call > that is not checked for failure. I am working on this and > have already done four apps. I skipped over lpd. I have sent some messages to Anton about lpd/printjob.c, but I should also mention the highlights on this list: I am already working on a patch to lpd/printjob.c, but as usual the "simple and obvious" patch that one would be tempted to write after looking at the code will actually make life worse instead of better (considerably worse, in fact...). So, no one else needs to rush in and write a patch for lpd. Once I have a patch which isn't disastrous in my own testing, I'll put it up for audit-minded folk to look at. Here is one tip: Do not just add code to check the result & errno from initgroup. Also test that code by adding something which WILL cause initgroup to fail (such as a call to seteuid(non-root)), and make sure the path your error-recovery takes is not worse than the original error... -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05101011b77d5fb73500>