Date: Thu, 17 Nov 2005 19:36:24 +0000 (GMT) From: Robert Watson <rwatson@FreeBSD.org> To: John-Mark Gurney <gurney_j@resnet.uoregon.edu> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, Hartmut Brandt <harti@FreeBSD.org>, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/usr.sbin/rpc.lockd kern.c Message-ID: <20051117193537.C1109@fledge.watson.org> In-Reply-To: <20051117181156.GA885@funkthat.com> References: <200511171219.jAHCJJw6079767@repoman.freebsd.org> <20051117181156.GA885@funkthat.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 17 Nov 2005, John-Mark Gurney wrote: > Hartmut Brandt wrote this message on Thu, Nov 17, 2005 at 12:19 +0000: >> harti 2005-11-17 12:19:19 UTC >> >> FreeBSD src repository >> >> Modified files: >> usr.sbin/rpc.lockd kern.c >> Log: >> When a user is in more than 16 groups the call to authunix_create() will >> result in abort() beeing called. This is because there is a limit of >> the number of groups in the RPC which is 16. When the actual number of >> groups is too large it results in xdr_array() returning an error which, >> in turn, authunix_create() handles by just calling abort(). >> >> Fix this by passing only the first 16 groups to authunix_create(). > > Can't this cause problems with files that have a mode of 0604? Since > normally the user would be unable to read it, but if the group gets > dropped, then he is now able to access or lock the file? I don't know > what the groups are used, but silently dropping groups sounds bad to > me... Yes, but it's not at all clear what one is to do about it, other than to document that if you change the max groups constant and use groups above the max supported by that RPC auth type, you will have problems. Robert N M Watson
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20051117193537.C1109>