Date: Wed, 14 Nov 2001 00:49:07 +0700 From: Eugene Grosbein <eugen@grosbein.pp.ru> To: stable@freebsd.org Subject: src/lib/libc/gen/initgroups.c: warn() breaks CVS protocol Message-ID: <20011114004907.D864@grosbein.pp.ru>
next in thread | raw e-mail | index | archive | help
Hi! I'm trying to setup local anonymous read-only CVS pserver for my mirror of FreeBSD CVS Repository. The Repo is owned by root. My system is 4.4-STABLE and I use stock cvs for 'cvs pserver -R'. I do not want cvs be allowed to write to the Repo or read /etc/master.passwd so I setup CVSROOT/passwd, CVSROOT/readers, CVSROOT/writers and I run cvspserver from inetd as non-root user 'anoncvs'. My CVSROOT/passwd file contains one line: anoncvs:hashed_password:anoncvs 'cvs login' works fine, but 'cvs checkout' does not. cvs(1) tries to call initgroups(3) and does not complain if it returns EPERM (see src/contrib/cvs/src/server.c, line 5286). But initgroups() uses warn(3) to note setgroups(2) failure. That breaks CVS protocol and client obtains this message: $ cvs checkout -r ppp_2_3_5 src/usr.sbin/pppd cvs [checkout aborted]: unrecognized auth response from my.anoncvs.host: cvs: setgroups: Operation not permitted I cannot run cvspserver as root because it does not use /etc/login.conf restrictions then. Using inetd is a perfect way to limit resource usage for cvs but this bug (or feature) of libc breaks protocol. So, the question is: will this be fixed? What if I just comment out that warn() in src/lib/libc/gen/initgroups.c? Eugene Grosbein To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011114004907.D864>