On Tue, Nov 20, 2001 at 03:43:52PM +0100, Anton Berezin wrote:
> On Tue, Nov 20, 2001 at 04:27:03PM +0200, Ruslan Ermilov wrote:
> > On Tue, Nov 20, 2001 at 03:12:50PM +0100, Anton Berezin wrote:
> > > On Tue, Nov 20, 2001 at 03:02:39PM +0200, Ruslan Ermilov wrote:
> 
> > > > While this is indeed a good thing to do, this is completely
> > > > unrelated to the above mentioned problem, and should be done
> > > > separately.  Here's the list of src/ files that do not check the
> > > > return value of initgroups(3), and may need to be fixed, but some
> > > > of them explicitly ignore the result to indicate the fact they
> > > > consider this error non-fatal.
> 
> > > > libexec/ftpd/ftpd.c
> > > > libexec/rexecd/rexecd.c
> > > > usr.bin/calendar/calendar.c
> > > > usr.sbin/inetd/inetd.c
> > > 
> > > There used to be *many* more problematic files.  Please see
> > > 
> > > 
>http://www.freebsd.org/cgi/getmsg.cgi?fetch=801566+0+/usr/local/www/db/text/2001/freebsd-stable/20010722.freebsd-stable
> > > 
> > > To my knowledge, only printjob.c was fixed, though I have not looked
> > > into every file in the list since then.
> 
> > Yes, but I specifically left contrib/ and crypto/ files, and files that
> > do not check the result of other calls like setgrp() etc.
> 
> We do not want to omit contrib/ files, since the whole hoopla started
> because of the contrib/cvs/.
> 
> > > But as I said in the private message, I do not feel strongly about
> > > this, and I think that the fix can be safely committed.  I do not
> > > think these things are quite unrelated, though.  :-)
> 
> > Not checking the return value is always BAD except when (not) done
> > intentionally (flagged by a(void)ing the return value of a function),
> > whether or not a function in question prints some diagnostic output on
> > standard error; that's why I still think these problems are in fact
> > unrelated.  :-)
> 
> In this case your own version of the fix should be modified from
> 
> +   getgrouplist(uname, agroup, groups, &ngroups);
> +   return (setgroups(ngroups, groups);
> 
> to
> 
> +   (void) getgrouplist(uname, agroup, groups, &ngroups);
> +   return (setgroups(ngroups, groups);
> 
> , to be pedantic. :-)
> 
Not actually, because getgrouplist(3) is special in that -1 is not
actually an error, but an indication that the resulting array was
too small to hold all groups.  :-)

> The point I am trying to (not very strongly) make is that we at least
> have some indication that there is a problem with the current behavior
> (with the exception of the daemons with closed/redirected to /dev/null
> stderr).  By (rightfully) fixing initgroups(), we loose even this
> precious little diagnostic we have.  That's why initgroups() fix and the
> code audit are probably best done at the same time - unless we can
> guarantee the audit part will not be forgotten.
> 
Sure, you can just change the synopsis of your PR.  :-)


Cheers,
-- 
Ruslan Ermilov          Oracle Developer/DBA,
[EMAIL PROTECTED]           Sunbay Software AG,
[EMAIL PROTECTED]          FreeBSD committer,
+380.652.512.251        Simferopol, Ukraine

http://www.FreeBSD.org  The Power To Serve
http://www.oracle.com   Enabling The Information Age

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message

Reply via email to