[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 24 06:59:42 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=787





------- Additional Comments From openssh_bugzilla at hockin.org  2004-02-24 06:59 -------
Would you rather the "unknown group id" string bit be dumped altogether. 
Previously (well, currently, I guess) the code just discards the byname entry
for any groups without a name.  This results in the bygid[] and byname[] arrays
not being parallel for every index.

If you want them to stay parallel, you need a filler for the gids without names.
 Alternatively, you could make them NULL and just catch that case in any code
that touches groups_byname[].

So would you rather I:
a) do it the old way and just drop out unnamed groups (and be non-parallel)
b) stay parallel but make the unnamed entries be NULL (and fix ga_match() and
ga_free())
c) stay parallel but add an informative error message (as it is now)

I'll be happy to resubmit a patch post-haste if someone would care to make that
decision.  Probably a or b sounds fine to me.  On further consideration, c isn't
so tasteful. :)

I'd like top get this patch off my plate, so I can wrap up the NGROUPS stuff. 
Anything else I need to do to make this go in in the near future?



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list