[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)
bugzilla-daemon at mindrot.org
Tue Feb 24 13:05:49 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=787
------- Additional Comments From openssh_bugzilla at hockin.org 2004-02-24 13:05 -------
Well, there are very few bits of code that need hacking to work with 64k groups,
so I have to discount the bit about extra complexity.
Speaking of optimizing for the common case: this is called ONCE (unless I
misread) per process. The real optimization is to use only as much memory as is
strictly needed, though neither you nor I are actually optimizing anything at
all. The runtime of this code is so far away from the fast path of anything
that it's dumb to be arguing about.
I should also mention that sooner or later _SC_NGROUPS_MAX may end up as an
actual tunable in Linux. Again, you don't care what the maximum is, just what
the actual number is. Further, since the patch(es) I proposed are VERY simple
and work reliably, why would you opt AGAINST them, for something that is less
precise AND might not be available on a platform (thereby falling back on
today's buggy behavior)? I can't see the reason for arguing that as a win.
But, in the end, it's not my project, right?
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
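
The comment's point about caring for the actual number of groups rather than the maximum, shown as an added example (not the patch from this bug and not OpenSSH code): POSIX `getgroups(0, NULL)` reports the current count, so the buffer can be sized exactly instead of from a compile-time `NGROUPS_MAX`. The helper name `get_groups_exact` is hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper: fetch the process's supplementary groups into a
 * buffer sized from the actual count, not from NGROUPS_MAX.
 * Returns the count (>= 0) with a malloc'd array in *out (NULL when the
 * count is 0; caller frees), or -1 with errno set.
 */
int
get_groups_exact(gid_t **out)
{
	*out = NULL;
	for (int attempt = 0; attempt < 4; attempt++) {
		/* Size 0 asks only for the current count; nothing is written. */
		int n = getgroups(0, NULL);
		if (n <= 0)
			return n;	/* 0: no groups, -1: error */
		gid_t *buf = calloc((size_t)n, sizeof(*buf));
		if (buf == NULL)
			return -1;
		int got = getgroups(n, buf);
		if (got >= 0) {
			*out = buf;
			return got;
		}
		free(buf);
		/* EINVAL: the list outgrew the buffer between calls; re-query. */
		if (errno != EINVAL)
			return -1;
	}
	errno = EAGAIN;
	return -1;
}

int
main(void)
{
	gid_t *groups;
	int n = get_groups_exact(&groups);
	if (n < 0) {
		perror("getgroups");
		return 1;
	}
	/* The system maximum is printed only to contrast it with the count. */
	printf("actual: %d, maximum: %ld\n", n, sysconf(_SC_NGROUPS_MAX));
	free(groups);
	return 0;
}
```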