[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)
bugzilla-daemon at mindrot.org
Tue Feb 24 08:34:03 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=787
openssh_bugzilla at hockin.org changed:
              What|Removed                     |Added
----------------------------------------------------------------------------
Attachment #548 is|0                           |1
          obsolete|                            |
------- Additional Comments From openssh_bugzilla at hockin.org 2004-02-24 08:33 -------
Created an attachment (id=549)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=549&action=view)
new NGROUPS patch
This should work if you have no supplementary groups. It also keeps existing
behavior for unnamed groups in groups_byname[].

Issue: the first call to getgrouplist() in groupaccess.c:ga_init().

On my unpatched RH9 box, this segfaults. On my RHEL3 box (should be just like
RH9) it works. Based on stack examination, the getgrouplist() function on my
RH9 box writes the gid list to the stack, heedless of the ngroups parameter.
The RHEL box seems to do the right thing, except for wantonly assuming that at
least ONE gid will be available and that ngroups is at least 1.

So I work around the case of requiring one gid (not too gross), but what can be
done about it ignoring the ngroups param on RH9? Nothing that seems
reasonable. Fix glibc.

So I think this is correct, or as correct as can be. More testers to confirm
that would be nice.
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
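The two getgrouplist() behaviours described in the comment above, handled defensively. This is an added example, not the attached patch or OpenSSH code: it always offers at least one slot, grows and retries when the call reports a short buffer, and places canary values after the advertised slots so that a libc which ignores ngroups is detected. `safe_grouplist`, `GUARD_SLOTS` and `GUARD_GID` are hypothetical names, and the canary only notices an overrun that lands in the padding.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE               /* exposes getgrouplist() in <grp.h> */
#endif
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>

#define GUARD_SLOTS 4                       /* hypothetical padding size */
#define GUARD_GID   ((gid_t)0x5a5a5a5a)     /* hypothetical canary value */

/*
 * Hypothetical helper: returns a malloc'd gid list for `user` (caller frees)
 * and stores the number of entries in *count. Returns NULL on allocation
 * failure, or when libc wrote past the slot count it was given.
 */
gid_t *safe_grouplist(const char *user, gid_t base, int *count)
{
    int cap = 1;                      /* never offer fewer than one slot */

    for (int attempt = 0; attempt < 8; attempt++) {
        gid_t *buf = malloc((size_t)(cap + GUARD_SLOTS) * sizeof(gid_t));
        if (buf == NULL)
            return NULL;
        for (int i = 0; i < GUARD_SLOTS; i++)
            buf[cap + i] = GUARD_GID; /* canary after the advertised slots */

        int n = cap;
        int rc = getgrouplist(user, base, buf, &n);

        for (int i = 0; i < GUARD_SLOTS; i++) {
            if (buf[cap + i] != GUARD_GID) {  /* ngroups was ignored */
                free(buf);
                return NULL;
            }
        }
        if (rc >= 0 && n >= 1 && n <= cap) {  /* list fit in the buffer */
            *count = n;
            return buf;
        }
        free(buf);
        /* rc == -1: n holds the size libc says it needs; grow and retry */
        cap = (n > cap) ? n : cap * 2;
    }
    return NULL;
}
```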