Date: Fri, 20 Jul 2001 13:51:41 +0200 From: Anton Berezin <tobez@tobez.org> To: "Jeroen C. van Gelderen" <jeroen@vangelderen.org> Cc: FreeBSD Stable <freebsd-stable@FreeBSD.ORG>, Garance A Drosihn <drosih@rpi.edu> Subject: Re: initgroups unsolicited warning? Message-ID: <20010720135141.F76525@heechee.tobez.org> In-Reply-To: <3B57AD39.94E6567D@vangelderen.org>; from jeroen@vangelderen.org on Fri, Jul 20, 2001 at 12:02:01AM -0400 References: <3B5713AB.79322FDA@vangelderen.org> <20010719234413.A64433@heechee.tobez.org> <20010720001429.A65236@heechee.tobez.org> <3B57AD39.94E6567D@vangelderen.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, On Fri, Jul 20, 2001 at 12:02:01AM -0400, Jeroen C. van Gelderen wrote: > PR 15421: "initgroups(3) spits out messages to stderr;..." > http://www.FreeBSD.org/cgi/query-pr.cgi?pr=15421 > > I did not commit the obvious fix because there exist concerns about > > the rest of the base system that uses initgroups(3). > >From the applications on your list some are easily fixed. I already > began work on a patch for those and with another hour or so it should > be ready for public consumption. This should fix about half of the > problematic cases. Great! > For the applications that fail to check the return values of multiple > function calls I would argue that omitting the sole warning caused by > initgroups failing will not make them any less secure. These programs > really need a full audit before they can be trusted. This argument > notwithstanding I think we can cater for these applications by > replacing the dreaded warn() with a syslog call. > On that subject Garance A Drosihn suggested (and you responded): > > > Could the message be sent to syslog instead of the terminal? Or > > > have some way to indicate to initgroups() that the message should > > > be syslog'ed, or maybe even not sent at all? > > > > I really, really don't think that this kind of action should be > > performed by a library function. This should be the caller > > responsibility: after all, initgroups(), as any other well-behaving > > libc function returns -1 and sets errno in case of failure (proxying > > the setgroups() failure). > I agree that it is actually the caller's responsibility to check > return values and emit errors. On the other hand, a syslog call makes > for a nice stop-gap during the transitional period in which not all > applications are well-behaved. And such a transitional period is > virtually necessary if we want to fix the libc bug in a somewhat > timely manner. I reconsidered this, and I think that syslog solution is reasonable as a short-term transitional measure. > If all this sounds sensible I'd propose the following: > > 1. We fix those applications where initgroups is the only call that is > not checked for failure. I am working on this and have already done > four apps. I skipped over lpd. > > 2. We replace the warn in initgroups.c with a syslog call. This isn't > a long-term solution but as a stop-gap it will do nicely. At the very > least it will make CVS pserver work. Better yet, it will give > applications that direct their stderr to /dev/null a fighting chance > to get noticed by the sysadmin too. All in all I think this is an > improvement over the status quo but I lack experience to be sure ;) > > These two steps should not take more than a week I guess. The third > one will take a bit longer: > > 3. We steadily fix all the problematic programs in the system. My > guess would be that this is part of the -audit project. I don't think > we want to wait for these badly behaved programs to be repaired before > we exterminate the libc bug. Moreover I am probably not sufficiently > well versed in C-code auditing to squat all these bugs in a reasonable > time frame. > > I was planning to take care of it in the late July or probably > > August, but feel free to do so before if you wish. > If the above sounds sensible, would anyone mind helping me commit the > above suggestions (1 and 2)? I would love to see this fixed in FreeBSD > 4.4 so that I can remove the workarounds from my tree :) Yep, I'll be glad to do that. Please let me know where I can find your patches (or better yet, send them as the follow-up to the PR 15421). Thanks, %Anton. -- May the tuna salad be with you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010720135141.F76525>