library/2175: initgroups() has arbitrary restriction
- To: gnats@openbsd.org
- Subject: library/2175: initgroups() has arbitrary restriction
- From: Phil Pennock <Phil.Pennock@globnix.org>
- Date: Tue, 13 Nov 2001 20:20:03 +0000
- Resent-Date: Tue, 13 Nov 2001 13:30:02 -0700 (MST)
- Resent-From: gnats@cvs.openbsd.org (GNATS Management)
- Resent-Message-Id: <200111132030.fADKU2DC002724@cvs.openbsd.org>
- Resent-Reply-To: gnats@cvs.openbsd.org, Phil.Pennock@globnix.org
- Resent-To: bugs@cvs.openbsd.org
>Number: 2175
>Category: library
>Synopsis: initgroups() has arbitrary restriction
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: bugs
>State: open
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Tue Nov 13 13:30:01 MST 2001
>Last-Modified:
>Originator: Phil Pennock
>Organization:
>Release: any
>Environment:
System : OpenBSD 2.9
Architecture: OpenBSD.i386
Machine : i386
>Description:
initgroups(3) has an arbitrary (documented) limit of the NGROUPS #define.
This could be more flexibly handled using the kern.ngroups sysctl.
ports/security/chrootuid/patches/patch-chrootuid_c contains the relevant
logic from me if USE_SYSCTL is defined, but doesn't release the memory since
chrootuid will exec() shortly thereafter.
>How-To-Repeat:
Current behaviour is as documented. This is a request for a change to
the desired behaviour.
>Fix:
This patch against src/lib/libc/gen/initgroups.c r1.5 should fix the code
(and remove a bogus #include <stdio.h>).
Man-page should lose the paragraph on the NGROUPS restriction.
--- initgroups.c.orig Tue Nov 13 21:08:27 2001
+++ initgroups.c Tue Nov 13 21:18:19 2001
@@ -36,9 +36,10 @@
#endif /* LIBC_SCCS and not lint */
#include <sys/param.h>
+#include <sys/sysctl.h>
#include <err.h>
-#include <stdio.h>
+#include <stdlib.h>
#include <unistd.h>
int
@@ -46,12 +47,25 @@
const char *uname;
gid_t agroup;
{
- gid_t groups[NGROUPS];
- int ngroups;
+ gid_t *groups;
+ int ngroups, mib[2];
+ size_t len;
+
+ mib[0] = CTL_KERN;
+ mib[1] = KERN_NGROUPS;
+ len = sizeof(ngroups);
+
+ if (sysctl(mib, 2, &ngroups, &len, NULL, 0))
+ return (-1);
+
+ if (!(groups = calloc(ngroups, sizeof(int))))
+ return (-1);
- ngroups = NGROUPS;
(void) getgrouplist(uname, agroup, groups, &ngroups);
- if (setgroups(ngroups, groups) < 0)
+ if (setgroups(ngroups, groups) < 0) {
+ free(groups);
return (-1);
+ }
+ free(groups);
return (0);
}
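Review bot: the calloc() call sizes each element as sizeof(int) although groups is declared gid_t *; calloc(ngroups, sizeof(*groups)) keeps the allocation tied to the pointer's type if gid_t and int ever differ in size. The ngroups value written by sysctl() also goes to calloc() without a check that it is greater than zero, which is worth adding before the allocation. The return value of getgrouplist() is still cast to void, so when the user belongs to more groups than the buffer holds, the truncated list reaches setgroups() without any error; since the limit is now dynamic, consider returning -1 in that case. The two free(groups) calls can be folded into one by saving the setgroups() result, freeing, and then returning.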
>Audit-Trail:
>Unformatted: