YAMAMOTO Takashi wrote:
>>   - It is unclear why it is necessary at all.
>>     http://mail-index.netbsd.org/tech-kern/2005/11/04/0005.html
> 
> 
> why unclear, while you know where it's used?

Because I don't know why the whole set of credentials needs to be 
compared. Until now, no one has answered this question.

>>   - It is the only reason for sorting group lists
>>     when they enter the kernel via setgroups(),
>>     which itself is considered unwanted.
>>     http://mail-index.netbsd.org/tech-kern/2005/11/03/0021.html
> 
> 
> i don't think the result of setgroups is fed into crcmp.
> the change didn't fix anything and should be backed out, IMO.

See the ChangeLog for src/sys/kern/kern_prot.c.

>>   - It has a big FIXME comment.
>>     src/sys/kern/kern_prot.c
> 
> i don't see why it needs to be fixed.
> credentials with the different order of groups are different.

Please explain why the order of groups is important. I don't see it.

Roland