sys_setgroups in samba-3.3.X fails, cause a panic
weikuan.zhou at sinobot.com.cn
Thu Aug 6 04:04:01 MDT 2009
Samba-3.3 updates source3/smbd/sec_ctx.c, checks the return value of sys_setgroups, panic if sys_setgroups fails. This is OK for linux platforms, because from linux-2.6.4, NGROUP_MAX in linux support at most 65535 groups(32 groups before linux-2.6.4), it should be enough for most cases. But for Solaris, this has a much more possibility to cause a panic, solaris only support at most 16 groups.
There must be some reasons that samba should check the return value and panic if fails, yet the commit doesn't shed enough information. Does anyone here like to help me understand what is the problem if we still follow the original way to handle failure of sys_setgroup? Why is the failure so severe that we must panic instead of any other handlings. Could we switch to other methods? For example, check the number of groups first, and if it exceeds the limit NGROUP_MAX, just truncate the groups and then call sys_setgroups?
More information about the samba-technical