How much should we work around buggy Solaris/OpenIndiana/Illumos > 16 groups bugs?

Andrew Bartlett abartlet at samba.org
Mon Jun 10 15:54:32 MDT 2013 

On Mon, 2013-06-10 at 15:41 -0400, Ira Cooper wrote:
> 
> 
> 
> On Mon, Jun 10, 2013 at 3:01 PM, Jeremy Allison <jra at samba.org> wrote:
>         On Mon, Jun 10, 2013 at 02:37:37PM -0400, Ira Cooper wrote:
>         > Can someone point me at the actual illumos issue that was
>         raised in their
>         > bug tracker?
>         
>         
>         https://www.illumos.org/issues/3577
>         
>         I pinged one of the Illumos folks about this, but they're
>         a bit busy.
>         
>         > I know Andrew raised one, but as I remember, that one
>         wandered off track.
>         >
>         > This is very specific, and I'd guess most illumos devs could
>         fix it
>         > promptly.  Heck, if it stops people from being as Jeremy so
>         nicely put it
>         > "completely sanctimonious
>         > pricks", it's something I can probably do.
>         >
>         > But, that said, there ARE broken systems, and there will be
>         broken systems,
>         > so some workaround will be needed... and probably for a long
>         time given the
>         > lifetime of Solaris systems.
>         >
>         > So detecting it might be nice...  Can someone "detect" it if
>         I "fix" it.
>         
>         
>         Only as root I think. IMHO you should fix it for Illumos,
>         and we should add the workaround to Samba.
> 
> 
> If you are building illumos, try this patch, and remove the qsort.
>  The problem should go away, if I understand the code right.
> 
> 
> If not, can you please hand me solid reproduction code, and I'll "get
> it right".  We can then attach this patch to the bug, and talk to them
> about RTI.  (Getting it committed.)

https://www.illumos.org/issues/3691 has the reproducer test programs I
used. 

Just to close to loop back to here, after Björn Jacke raised the
security aspect, I raised this with their security contact, but without
a response yet.  (I wouldn't normally mention such details, but this is
already very well public). 

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org

More information about the samba-technical mailing list