Subject: Re: bin/18222: patch to allow a uid or gid of (-2) matching default NFS mapping for remote root users
To: None <netbsd-bugs@netbsd.org, gnats-bugs@gnats.netbsd.org>
From: Greg A. Woods <woods@weird.com>
List: netbsd-bugs
Date: 09/07/2002 17:01:00
[ On Saturday, September 7, 2002 at 19:44:09 (+0100), David Laight wrote: ]
> Subject: Re: bin/18222: patch to allow a uid or gid of (-2) matching default NFS mapping for remote root users
>
> On Sat, Sep 07, 2002 at 07:23:10PM +0100, David Laight wrote:
> > > >Synopsis: patch to allow a uid or gid of (-2) matching default
> > > NFS mapping for remote root users
> > >
> > > increase UID_MAX and GID_MAX to (UINT_MAX-1)
> >
> > Wouldn't it be better to use (~(uid_t)0 - 1) and (~(gid_t)0 - 1) ?
>
> A quick look at the history of syslimits.h (brought on by the fact
> that the comments for these values didn't match the value) shows
> that the limit has been 2^32-2 before.
>
> It was changed because setreu/gid() allows -1 (meaning don't
> change) which has to be within the domain of u/gid_t.
Yes, I remember that -- but the change was ultra-conservative and
results in my "nfsanon" user being "invalid". My PR is in part in
(delayed) response to that change.
2^32-1 is the correct limit to allow for -2 as a valid value and -1 as a
special meaning to things like setreuid() [which I don't really care
about anywas as I've disabled it on my own systems for security reasons ;-)].
> This is another of those types [1] whose domain is -1..MAXINT-1
> that C doesn't quite copy with.
It's not C that's at fault -- it's bad/lazy API design. :-)
--
Greg A. Woods
+1 416 218-0098; <g.a.woods@ieee.org>; <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>