[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: idvec-verify...
From: |
Alfred M. Szmidt |
Subject: |
Re: idvec-verify... |
Date: |
Sat, 23 Oct 2004 09:54:27 +0200 |
addauth with numeric IDs that are not in passwd/group/shadow should
still work for root. Does it?
For some value of works, yes. ids will segfault if you try to list
effective/active ids in idvec-rep.c:loopkup_uid() since we try to
access memory at NULL (line 133). Doing a rmauth will casue it to
work again.
When it fails for a nonroot user it should diagnose a more useful
error than EINVAL, at least EPERM.
Right.
In fact, really addauth should just handle numeric IDs and try it,
and when the auth server refuses for nonroot the EPERM return from
auth_makeauth should propagate all the way back.
The idvec-verify.c functions still shouldn't cause a segfault, the
same applies to idvec-rep.c and any other case that doesn't check what
get*_r() returns.
Maybe just fixing get*_r() to set a return value of != 0 if the
structure it returns is NULL would be a better fix. What do you
think?
Cheers.