The current coreutils TODO file says:

    - Implement Ulrich Drepper's suggestion to use getgrouplist rather than
      getugroups. This affects both `id' and `setuidgid', but makes a big
      difference on systems with many users and/or groups, and makes id
      usable once again on systems where access restrictions make getugroups
      fail. But first we'll need a run-test (either in an autoconf macro or
      at run time) to avoid the segfault bug in libc-2.3.2's getgrouplist.
      In that case, we'd revert to using a new (to-be-written) getgrouplist
      module that does most of what `id' already does. Or just avoid the
      buggy use of getgrouplist by never passing it a buffer of length zero.
      See http://bugzilla.redhat.com/200327
This seems to me to imply that there are safe usages of getgrouplist() on
arbitrary systems. Specifically, that the problem is the zero length of the
buffer. However the manpage for that function says:

    The glibc 2.3.2 implementation of this function is broken: it overwrites
    memory when the actual number of groups is larger than *ngroups.

So, is it safe to use getgrouplist() with an initial value of 1 for
*ngrouplist?

My belief is yes, since the relevant bugfix to glibc seems to be this:

$ cvs diff -r1.33 -r1.34 -upN initgroups.c Index: initgroups.c =================================================================== RCS file: /cvs/glibc/libc/grp/initgroups.c,v retrieving revision 1.33 retrieving revision 1.34 diff -u -p -r1.33 -r1.34 --- initgroups.c 5 Oct 2004 15:36:26 -0000 1.33 +++ initgroups.c 29 Mar 2005 23:39:59 -0000 1.34 @@ -1,4 +1,4 @@ -/* Copyright (C) 1989,91,93,1996-2003, 2004 Free Software Foundation, Inc. +/* Copyright (C) 1989,91,93,1996-2003, 2004, 2005 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -73,7 +73,9 @@ internal_getgrouplist (const char *user, /* Start is one, because we have the first group as parameter. */ long int start = 1; - (*groupsp)[0] = group; + /* Never store more than the starting *SIZE number of elements. */ + if (*size > 0) + (*groupsp)[0] = group; if (__nss_group_database != NULL) {

My take on this is that the manual page is in fact wrong. I'm asking on the
list because I don't want to forge ahead and then introduce a bug on a system
which I can't test on.

James.

_______________________________________________
Bug-coreutils mailing list
Bug-coreutils@gnu.org
http://lists.gnu.org/mailman/listinfo/bug-coreutils
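Review bot: the guard added in the second hunk, `if (*size > 0) (*groupsp)[0] = group;`, only bounds the store of the primary group at index 0; the later stores made by the NSS modules once `start` is 1 are outside the visible lines of `internal_getgrouplist`, so the comment's claim that never more than the starting *SIZE elements are stored cannot be confirmed from this hunk alone. Before concluding that a starting *ngroups of 1 is safe, check the bounds handling of the remaining stores further down in the function. The first hunk only updates the copyright year and needs no comment.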
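As an added illustration of the workaround the TODO entry mentions (never passing getgrouplist() a buffer of length zero), here is a wrapper written for this page rather than taken from coreutils or glibc; safe_getgrouplist and root_group_count are hypothetical names, and the "root"/gid 0 lookup is only a sample input.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wrapper, not coreutils code.  Stores USER's group list
   (primary group GROUP first) in a malloc'd array at *OUT and returns its
   length, or -1 on allocation failure.  Never passes a zero-length buffer. */
int safe_getgrouplist(const char *user, gid_t group, gid_t **out)
{
    int capacity = 1;                   /* start at 1, never 0 */
    gid_t *buf = NULL;

    for (;;) {
        gid_t *tmp = realloc(buf, (size_t)capacity * sizeof *buf);
        if (tmp == NULL) {
            free(buf);
            return -1;
        }
        buf = tmp;

        int ngroups = capacity;
        if (getgrouplist(user, group, buf, &ngroups) != -1) {
            *out = buf;                 /* ngroups is the actual count */
            return ngroups;
        }
        /* -1: buffer too small.  glibc sets ngroups to the number needed;
           other libcs may leave it unchanged, so take the larger value. */
        capacity = ngroups > capacity ? ngroups : capacity * 2;
    }
}

/* Resolve root (primary gid 0) and verify the first entry is the primary
   group, as glibc's internal_getgrouplist stores it.  Returns the group
   count, or -1 on failure. */
int root_group_count(void)
{
    gid_t *groups = NULL;
    int n = safe_getgrouplist("root", 0, &groups);
    if (n > 0 && groups[0] != 0)
        n = -1;
    for (int i = 0; i < n; i++)
        printf("%u\n", (unsigned)groups[i]);
    free(groups);
    return n;
}
int main(void) { return root_group_count() < 0; }
```

Because the primary group is always stored first, the call returns at least one entry even when the NSS lookup adds no supplementary groups; the loop only grows the buffer when getgrouplist() reports -1.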