delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin-developers/2002/11/12/12:20:13

Mailing-List: contact cygwin-developers-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-developers-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin-developers/>
List-Post: <mailto:cygwin-developers AT cygwin DOT com>
List-Help: <mailto:cygwin-developers-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-developers-owner AT cygwin DOT com
Delivered-To: mailing list cygwin-developers AT cygwin DOT com
Date: Tue, 12 Nov 2002 18:18:49 +0100
From: Corinna Vinschen <vinschen AT redhat DOT com>
To: cygwin-developers AT cygwin DOT com
Subject: Re: ntsec patch #4: passwd and group
Message-ID: <20021112181849.K10395@cygbert.vinschen.de>
Reply-To: cygwin-developers AT cygwin DOT com
Mail-Followup-To: cygwin-developers AT cygwin DOT com
References: <20021108171918 DOT P21920 AT cygbert DOT vinschen DOT de> <3DCBEFF5 DOT 850B999E AT ieee DOT org> <20021111145612 DOT T10395 AT cygbert DOT vinschen DOT de> <3DCFC6BB DOT 570DF472 AT ieee DOT org> <20021111174720 DOT X10395 AT cygbert DOT vinschen DOT de> <3DCFE314 DOT 3B5B45AB AT ieee DOT org> <20021111183423 DOT A10395 AT cygbert DOT vinschen DOT de> <3DCFF8AE DOT 66CBD751 AT ieee DOT org> <20021112144038 DOT F10395 AT cygbert DOT vinschen DOT de> <3DD13433 DOT D618DC4F AT ieee DOT org>
Mime-Version: 1.0
In-Reply-To: <3DD13433.D618DC4F@ieee.org>
User-Agent: Mutt/1.3.22.1i

On Tue, Nov 12, 2002 at 12:02:43PM -0500, Pierre A. Humblet wrote:
> Corinna Vinschen wrote:
> > 
> > I'm not sure if we're talking about the same static buffer. 
> 
> Right, we were not. What you propose is fine, with two 
> caveats:
> 1) Internal calls (from setuid, stat, etc... ) to getpwuid etc...
> should not overwrite the static area 

I Agree.  I didn't mention that because it's obvious.  All internal
calls to getpwXXX and friends should be substituted by an internal
version.

> 2) The "maximum useful size" can be very large for the group 
> entries. They can have a lot of names in the gr_mem field.

If using a global buffer, it can be allocated by the getpwXXX
as needed.

> I have another suggestion that would allow keeping what we do now in the
> non-reentrant  case (i.e. avoid doing the copying to the static buffer): 
> simply never re-read the passwd file when called internally (from
> setuid, stat, etc..). Only do it on application calls to pw/gr functions.
> I think that's perfectly standard conformant and it won't break anything. 

Sounds like a very good idea.

> We still need to do something, either the "copy everything" or the
> "don't reread for internal calls". The advantage of the "don't reread" 
> is that it's faster (important for internal loops) and requires 
> fewer changes. If you don't object I will look further into it,
> but not urgently.

No objections.  I like the idea.  Why should Cygwin reread that stuff
internally when even the application doesn't care so far?

Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Developer                                mailto:cygwin AT cygwin DOT com
Red Hat, Inc.

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019