cvs commit: src/usr.sbin/rpc.lockd kern.c
gurney_j at resnet.uoregon.edu
Thu Nov 17 18:11:58 GMT 2005
Hartmut Brandt wrote this message on Thu, Nov 17, 2005 at 12:19 +0000:
> harti 2005-11-17 12:19:19 UTC
> FreeBSD src repository
> Modified files:
> usr.sbin/rpc.lockd kern.c
> When a user is in more than 16 groups the call to authunix_create() will
> result in abort() beeing called. This is because there is a limit of
> the number of groups in the RPC which is 16. When the actual number of
> groups is too large it results in xdr_array() returning an error which,
> in turn, authunix_create() handles by just calling abort().
> Fix this by passing only the first 16 groups to authunix_create().
Can't this cause problems with files that have a mode of 0604? Since
normally the user would be unable to read it, but if the group gets
dropped, then he is now able to access or lock the file? I don't know
what the groups are used, but silently dropping groups sounds bad to
John-Mark Gurney Voice: +1 415 225 5579
"All that I will do, has been done, All that I have, has not."
More information about the cvs-src