On Mon, Aug 18, 2014 at 7:37 PM, Natanael Copa <[email protected]> wrote:
> On Mon, 18 Aug 2014 15:37:46 +0200 > Denys Vlasenko <[email protected]> wrote: > > > On Mon, Aug 18, 2014 at 3:17 PM, Laszlo Papp <[email protected]> wrote: > > >> > Denys, this fix was sent two weeks ago? Why have you not applied it > > >> > until > > >> > there is a better fix (if any)? This is still broken and results a > > >> > system > > >> > with potential stray users around. > > >> > > >> I'm having bad feelings about the fix along the lines of > > >> > > >> -#define PWD_BUFFER_SIZE 256 > > >> -#define GRP_BUFFER_SIZE 256 > > >> +#define PWD_BUFFER_SIZE 2*LOGIN_NAME_MAX+256 > > >> +#define GRP_BUFFER_SIZE 2*LOGIN_NAME_MAX+256 > > >> > > >> I fear that people (situations) strange enough to use names as long as > > >> > > >> > fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff > > >> can easily use names thrice as long. > > > > > > > > > I do not follow. It is also completely inline with the desktop > practice that > > > has existed for several decades now... > > > > > >> > > >> From the API perspective, xmalloc_getpwnam(username) would be ideal. > > >> But it would require significant rework. > > > > > > > > > Exactly my point. I would be unhappy to keep patching my busybox > locally > > > just because stray users can stay around on my system with the latest > > > busybox. My stance is usually applying changes that fix issues until > there > > > are better approaches. Currently, I am not funded by anyone to work on > this > > > "nice design" in full-time and I did provide a quick fix for the issue > at > > > hand. > > > > How sure are you that a buffer of 3*256 is big enough? > > Not only that, it introduces a serious regression. > > I had a similar bug caused by the same underlying issue. > Problem was that there was a limit on how many users you could add to a > group. It is in fact an old issue: > https://bugs.alpinelinux.org/issues/733 > > I added a patch very similar the patch above, just slightly more > conservative. I never liked this as it can cause unforseen consquences. > > http://git.alpinelinux.org/cgit/aports/commit/main/busybox?h=2.6-stable&id=ab88f58f005a1177790e582e1f0171cc4ee5dcce > > > However, this introduced a new issue, that caused login from console > totally break: > http://bugs.alpinelinux.org/issues/2838 > > I never tested it bu I believe it breaks sulogin and httpd's password > features as well. After grepping the sources I think solved all places > with this patch: > > http://git.alpinelinux.org/cgit/aports/tree/main/busybox/pwdgrp-bufsize.patch?h=2.6-stable&id=623c0906aa469523f04146e10b8ad7ab8cdc35f2 > > *if* you want to bump the buf size you need bump it equally on all > those places or you will get problems (if you go that route you should > use a constant for those ofcourse - which might be a good idea anyways) > > I never sent those patches upstream because I don't think this is the > correct fix. For Alpine Linux the "correct" fix was to use the libc > implementation and a libc that handles this properly (musl libc) > together with the patch I sent to this mailing list. > > http://lists.busybox.net/pipermail/busybox/2014-April/080809.html > > Commit message didn't say it but that patch is also needed to fix the > username/groupsize issue - with glibc too I believe. > > -nc > I cannot reproduce most of your issues (all?), but I agree that one constant could be used at several places.
_______________________________________________ busybox mailing list [email protected] http://lists.busybox.net/mailman/listinfo/busybox
