Subject: Re: bin/14172
To: David Laight <david@l8s.co.uk>
From: Jason R. Fink <jrf@adresearch.com>
List: tech-userlevel
Date: 12/04/2002 16:56:07
> > 3) bad coding - the libutil routine that does getgrouplist/intgroups
> > (forgotten its name) doesn't obey its man page and passes invalid
> > data to the kernel.
in login_cap.c:
...
int
setusercontext(login_cap_t *lc, struct passwd *pwd,
uid_t uid, u_int flags)
...
That function does all sorts of checks. I think that is
the one you are referring to.
>
> > 4) enhancing the kernel to support indefinite numbers of groups
I would call this secondary ATM.
this is a simple demo that compares the two values:
--
/*-
* qgrp: query group via sysconf
* demonstration program to query sysconf and NGROUPS_MAX
*/
#include <stdio.h>
#include <unistd.h>
#include <sys/syslimits.h>
int
main(void)
{
long groups;
/*
* note, in reality we would be passing in the
* number of groups the user belongs to and
* and comparing them via sysconf.
*/
groups = sysconf(_SC_NGROUPS_MAX);
if (groups <= NGROUPS_MAX) {
printf("NGROUPS_MAX and _SC_NGROUPS_MAX are cool\n");
} else {
return -1;
}
return 0;
}
--
So, where would I "stick it" :-) This prints the value of
Supplemental groups. Also this routine would need the user's
ngroups to compare to and then return -1 if there is a problem.
--
Jay Fink http://pyxis.homeunix.net/
NetBSD Developer http://www.netbsd.org/
Senior SysAdmin/Programmer, Ipsos http://www.ipsos.com/