[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Feb 20 13:01:55 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=787





------- Additional Comments From openssh_bugzilla at hockin.org  2004-02-20 13:01 -------
The proposed fix is wrong, I think.  Even with sysconf, the NGROUPS_MAX could be
REALLY large.  You don't really want the max possible, you want the current
number, right?

Patch attached.  The only really interesting part is that the bit where it
passes a fake gid_t array to getgrouplist() works, but gets a SEGV on return
from that function (on my RH9 Linux box, anyway).  Changing fake to an array[4]
and setting ngroups to 0 works, though.  Haven't investigated further.  Does
this look more correct, though?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list