How much should we work around buggy Solaris/OpenIndiana/Illumos > 16 groups bugs?

Björn Jacke bj at
Sun Jun 9 13:14:58 MDT 2013

On 2013-06-08 at 13:49 +1000 Andrew Bartlett sent off:
> I've uploaded to the
> attached two patches that will help some sites that can't fix their OS,
> but need more than 16 groups. 
> Given that a number of sites seem to deploy this, and there has been no
> reaction on the Illumos side indicating a desire to fix this, should we
> just do the qsort() unconditionally on Solaris-based OS's, for the sake
> of our users?
> I don't propose to detect buggy versions, if we did this I figured to
> make it happen on all Solaris builds.
> Any thoughts?

with Solaris this is being fixed with a hotfix and with 10u11 so this is the
recommended solution for everybody on Solarais who installed the update that
broke this setgroups call before.

With Illumos - well they know about this security issue since some weeks and
there is no realy reaction since then. I think working around such bugs in
Samba is not a good compensation for a OS vendor ignoring security related
issues. I would not like to get the qsort workaround in samba generally on
Solaris-like platforms just because Illumos does not fix well known blocker
Just my 2¢

More information about the samba-technical mailing list