cvs commit: src/usr.sbin/rpc.lockd kern.c

Robert Watson rwatson at FreeBSD.org
Thu Nov 17 19:36:24 GMT 2005


On Thu, 17 Nov 2005, John-Mark Gurney wrote:

> Hartmut Brandt wrote this message on Thu, Nov 17, 2005 at 12:19 +0000:
>> harti       2005-11-17 12:19:19 UTC
>>
>>   FreeBSD src repository
>>
>>   Modified files:
>>     usr.sbin/rpc.lockd   kern.c
>>   Log:
>>   When a user is in more than 16 groups the call to authunix_create() will
>>   result in abort() beeing called. This is because there is a limit of
>>   the number of groups in the RPC which is 16. When the actual number of
>>   groups is too large it results in xdr_array() returning an error which,
>>   in turn, authunix_create() handles by just calling abort().
>>
>>   Fix this by passing only the first 16 groups to authunix_create().
>
> Can't this cause problems with files that have a mode of 0604?  Since 
> normally the user would be unable to read it, but if the group gets 
> dropped, then he is now able to access or lock the file?  I don't know 
> what the groups are used, but silently dropping groups sounds bad to 
> me...

Yes, but it's not at all clear what one is to do about it, other than to 
document that if you change the max groups constant and use groups above 
the max supported by that RPC auth type, you will have problems.

Robert N M Watson


More information about the cvs-src mailing list