sys_setgroups in samba-3.3.X fails, cause a panic
Volker Lendecke
Volker.Lendecke at SerNet.DE
Fri Aug 7 00:19:16 MDT 2009
On Fri, Aug 07, 2009 at 11:19:22AM +0800, Zhou Weikuan wrote:
> Samba-3.3 updates source3/smbd/sec_ctx.c, checks the
> return value of sys_setgroups, panic if sys_setgroups
> fails. This is OK for linux platforms, because from
> linux-2.6.4, NGROUP_MAX in linux support at most 65535
> groups(32 groups before linux-2.6.4), it should be enough
> for most cases. But for Solaris, this has a much more
> possibility to cause a panic, solaris only support at most
> 16 groups.
> There must be some reasons that samba should check the
> return value and panic if fails, yet the commit doesn't
> shed enough information. Does anyone here like to help me
> understand what is the problem if we still follow the
> original way to handle failure of sys_setgroup? Why is the
> failure so severe that we must panic instead of any other
> handlings. Could we switch to other methods? For example,
> check the number of groups first, and if it exceeds the
> limit NGROUP_MAX, just truncate the groups and then call
> sys_setgroups?
The main reason is security problems. For example ZFS allows
negative ACEs, and if you randomly drop groups you will see
random access to files that you denied access to. Also,
we've seen way too much confusion about random non-access
that turned out to be too many groups for a user that we
decided to panic.
If this bothers you so much, please contact SUN to fix that
limit.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20090807/e51dae3f/attachment.pgp>
More information about the samba-technical
mailing list