[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)
bugzilla-daemon at mindrot.org
Tue Feb 24 06:59:42 EST 2004
http://bugzilla.mindrot.org/show_bug.cgi?id=787
------- Additional Comments From openssh_bugzilla at hockin.org 2004-02-24 06:59 -------
Would you rather the "unknown group id" string bit be dumped altogether?
Previously (well, currently, I guess) the code just discards the byname entry
for any groups without a name. This results in the bygid[] and byname[] arrays
not being parallel for every index.
If you want them to stay parallel, you need a filler for the gids without names.
Alternatively, you could make them NULL and just catch that case in any code
that touches groups_byname[].
So would you rather I:
a) do it the old way and just drop out unnamed groups (and be non-parallel)
b) stay parallel but make the unnamed entries be NULL (and fix ga_match() and
ga_free())
c) stay parallel but add an informative error message (as it is now)
I'll be happy to resubmit a patch post-haste if someone would care to make that
decision. Probably a or b sounds fine to me. On further consideration, c isn't
so tasteful. :)
I'd like to get this patch off my plate, so I can wrap up the NGROUPS stuff.
Anything else I need to do to make this go in in the near future?
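Option (b) from the comment above, sketched as an added example; it is not OpenSSH's code or the patch under discussion. The `demo_*` names, the sample group table, and the use of plain `strcmp()` for matching are assumptions made for illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>

/* Constructed sample database: gid 4242 is absent, so it has no name. */
static const struct { gid_t gid; const char *name; } demo_db[] = {
    { 0, "wheel" }, { 27, "sudo" }, { 100, "users" },
};
struct demo_groups { int n; gid_t *bygid; char **byname; };
/* Heap copy of the name for gid, or NULL when the gid has no name. */
static char *demo_name_copy(gid_t gid) {
    for (size_t i = 0; i < sizeof(demo_db) / sizeof(demo_db[0]); i++)
        if (demo_db[i].gid == gid) {
            size_t len = strlen(demo_db[i].name) + 1;
            char *p = malloc(len);
            return p ? memcpy(p, demo_db[i].name, len) : NULL;
        }
    return NULL;
}

/* Option (b): byname[i] always describes bygid[i]; unnamed gids get NULL. */
static int demo_init(struct demo_groups *g, const gid_t *gids, int n) {
    gid_t *ids = n > 0 ? calloc((size_t)n, sizeof(*ids)) : NULL;
    char **names = n > 0 ? calloc((size_t)n, sizeof(*names)) : NULL;
    g->n = 0; g->bygid = NULL; g->byname = NULL;
    if (ids == NULL || names == NULL) { free(ids); free(names); return -1; }
    for (int i = 0; i < n; i++) {
        ids[i] = gids[i];
        names[i] = demo_name_copy(gids[i]);
    }
    g->n = n; g->bygid = ids; g->byname = names;
    return 0;
}

/* Gid of the first group called name, or -1; NULL slots are skipped. */
static long demo_match(const struct demo_groups *g, const char *name) {
    for (int i = 0; i < g->n; i++)
        if (g->byname[i] != NULL && strcmp(g->byname[i], name) == 0)
            return (long)g->bygid[i];
    return -1;
}

/* Releases both arrays, skipping the NULL fillers. */
static void demo_free(struct demo_groups *g) {
    for (int i = 0; i < g->n; i++)
        if (g->byname[i] != NULL) free(g->byname[i]);
    free(g->byname); free(g->bygid);
    g->n = 0; g->bygid = NULL; g->byname = NULL;
}
```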