From owner-freebsd-arch@FreeBSD.ORG  Mon Jun  8 19:16:54 2009
Return-Path: <owner-freebsd-arch@FreeBSD.ORG>
Delivered-To: arch@FreeBSD.ORG
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 46982106566B;
	Mon,  8 Jun 2009 19:16:54 +0000 (UTC) (envelope-from das@FreeBSD.ORG)
Received: from zim.MIT.EDU (ZIM.MIT.EDU [18.95.3.101])
	by mx1.freebsd.org (Postfix) with ESMTP id 05F488FC0C;
	Mon,  8 Jun 2009 19:16:53 +0000 (UTC) (envelope-from das@FreeBSD.ORG)
Received: from zim.MIT.EDU (localhost [127.0.0.1])
	by zim.MIT.EDU (8.14.3/8.14.2) with ESMTP id n58IpMKa065821;
	Mon, 8 Jun 2009 14:51:22 -0400 (EDT) (envelope-from das@FreeBSD.ORG)
Received: (from das@localhost)
	by zim.MIT.EDU (8.14.3/8.14.2/Submit) id n58IpM0A065820;
	Mon, 8 Jun 2009 14:51:22 -0400 (EDT) (envelope-from das@FreeBSD.ORG)
Date: Mon, 8 Jun 2009 14:51:22 -0400
From: David Schultz <das@FreeBSD.ORG>
To: Brooks Davis <brooks@FreeBSD.ORG>
Message-ID: <20090608185122.GA65737@zim.MIT.EDU>
Mail-Followup-To: Brooks Davis <brooks@FreeBSD.ORG>, arch@FreeBSD.ORG,
	current@FreeBSD.ORG
References: <20090605223636.GA24364@lor.one-eyed-alien.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20090605223636.GA24364@lor.one-eyed-alien.net>
Cc: arch@FreeBSD.ORG, current@FreeBSD.ORG
Subject: Re: RFT: Allow large values of NGROUPS_MAX
X-BeenThere: freebsd-arch@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Discussion related to FreeBSD architecture <freebsd-arch.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-arch>
List-Post: <mailto:freebsd-arch@freebsd.org>
List-Help: <mailto:freebsd-arch-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-arch>,
	<mailto:freebsd-arch-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Jun 2009 19:16:54 -0000

On Fri, Jun 05, 2009, Brooks Davis wrote:
>  - Should we make any attempt to support old binaries when there
>    are more than 16 groups?  The POSIX getgroups/setgroups APIs did not
>    anticipate this change and thus either will fail outright.  We can't
>    fix setgroups, but we might want to make an optional accommodation for
>    getgroups to allow for truncated returns to old code.

Awesome.  I think the ABI breakage is fine as long as it only
affects systems where users are actually in more than 16 groups.
It's perfectly reasonable to expect people to recompile in order
to take advantage of a new feature.

As for the value of NGROUPS_MAX, there are systems with more than
32k groups out there, but I doubt there are interesting cases
where a single user is a member of more than 32k groups.  The
permission checking code would not realistically scale to group
lists that long anyway.