How much should we work around buggy Solaris/OpenIndiana/Illumos > 16 groups bugs?

Ira Cooper ira at samba.org
Mon Jun 10 17:15:09 MDT 2013


On Mon, Jun 10, 2013 at 6:33 PM, Andrew Bartlett <abartlet at samba.org> wrote:

> On Mon, 2013-06-10 at 18:27 -0400, Ira Cooper wrote:
> >
> > On Mon, Jun 10, 2013 at 5:54 PM, Andrew Bartlett <abartlet at samba.org> wrote:
> >         On Mon, 2013-06-10 at 15:41 -0400, Ira Cooper wrote:
> >         >
> >         > On Mon, Jun 10, 2013 at 3:01 PM, Jeremy Allison <jra at samba.org> wrote:
> >         >         On Mon, Jun 10, 2013 at 02:37:37PM -0400, Ira Cooper wrote:
> >         >         > Can someone point me at the actual illumos issue that was raised in their
> >         >         > bug tracker?
> >         >
> >         >         https://www.illumos.org/issues/3577
> >         >
> >         >         I pinged one of the Illumos folks about this, but they're
> >         >         a bit busy.
> >         >
> >         >         > I know Andrew raised one, but as I remember, that one wandered off track.
> >         >         >
> >         >         > This is very specific, and I'd guess most illumos devs could fix it
> >         >         > promptly.  Heck, if it stops people from being as Jeremy so nicely put it
> >         >         > "completely sanctimonious
> >         >         > pricks", it's something I can probably do.
> >         >         >
> >         >         > But, that said, there ARE broken systems, and there will be broken systems,
> >         >         > so some workaround will be needed... and probably for a long time given the
> >         >         > lifetime of Solaris systems.
> >         >         >
> >         >         > So detecting it might be nice...  Can someone "detect" it if I "fix" it.
> >         >
> >         >         Only as root I think. IMHO you should fix it for Illumos,
> >         >         and we should add the workaround to Samba.
> >         >
> >         > If you are building illumos, try this patch, and remove the qsort.
> >         > The problem should go away, if I understand the code right.
> >         >
> >         > If not, can you please hand me solid reproduction code, and I'll "get
> >         > it right".  We can then attach this patch to the bug, and talk to them
> >         > about RTI.  (Getting it committed.)
> >
> >         https://www.illumos.org/issues/3691 has the reproducer test programs I
> >         used.
> >
> >         Just to close the loop back to here, after Björn Jacke raised the
> >         security aspect, I raised this with their security contact, but without
> >         a response yet.  (I wouldn't normally mention such details, but this is
> >         already very well public).
> >
> >
> > The patch I wrote fixes "testgroups4" though the groups come back
> > sorted, so the program carps about that.  (I don't consider that a
> > "bug".)
>
> Indeed, that's what it does on Linux.  Comment out that check to be
> double-sure, and let it run the actual ACL checks.
>
> > I can submit it upstream if you wish to confirm that it works.
>
> Can you just comment out the order check, and then do that?  I don't
> have a good means to rebuild the Illumos kernel right now.
>
>
I actually have kernels built both ways, and have confirmed the fix.

But my doing something and it working for someone else are always 2
different things.

-Ira

