[Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Feb 24 12:41:32 EST 2004


http://bugzilla.mindrot.org/show_bug.cgi?id=787





------- Additional Comments From djm at mindrot.org  2004-02-24 12:41 -------
SuSv3 says _SC_NGROUPS_MAX: "Maximum number of simultaneous supplementary group
IDs per process". Sizing arrays using NGROUPS_MAX and/or sysconf is a very
common idiom. Even the Linux manpages recommend this.

Most systems don't even have anything like 64k groups, let alone accounts which
are members of all of them. Have you not heard of optimising for the common case?

What you propose means more complexity for every piece of downstream software
that uses supplemental groups. 



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.




More information about the openssh-bugs mailing list