How much should we work around buggy Solaris/OpenIndiana/Illumos > 16 groups bugs?

Björn Jacke bj at sernet.de
Sun Jun 9 13:14:58 MDT 2013


On 2013-06-08 at 13:49 +1000 Andrew Bartlett sent off:
> I've uploaded to https://bugzilla.samba.org/show_bug.cgi?id=7588 the
> attached two patches that will help some sites that can't fix their OS,
> but need more than 16 groups. 
> 
> Given that a number of sites seem to deploy this, and there has been no
> reaction on the Illumos side indicating a desire to fix this, should we
> just do the qsort() unconditionally on Solaris-based OS's, for the sake
> of our users?
> 
> I don't propose to detect buggy versions, if we did this I figured to
> make it happen on all Solaris builds.
> 
> Any thoughts?

With Solaris this is being fixed with a hotfix and with 10u11, so this is the
recommended solution for everybody on Solaris who installed the update that
broke this setgroups call before.

With Illumos - well, they have known about this security issue for some weeks
and there has been no real reaction since then. I think working around such bugs
in Samba is not a good compensation for an OS vendor ignoring security-related
issues. I would not like to get the qsort workaround in Samba generally on
Solaris-like platforms just because Illumos does not fix well-known blocker
bugs.
 
Just my 2¢
Björn

