Date: Fri, 9 Nov 2012 09:28:54 -0600
From: Serge Hallyn <serge.hallyn@...onical.com>
To: Artem Bityutskiy <dedekind1@...il.com>
Cc: Andrew Morton <akpm@...ux-foundation.org>, Kees Cook <keescook@...omium.org>, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] proc: pid/status: show all supplementary groups

Quoting Artem Bityutskiy (dedekind1@...il.com):
> From: Artem Bityutskiy <artem.bityutskiy@...ux.intel.com>
>
> We display a list of supplementary group for each process in the
> /proc/<pid>/status. However, we show only the first 32 groups, not all of them.
>
> Although this is rare, but sometimes processes do have more than 32
> supplementary groups, and this kernel limitation breaks user-space apps
> that rely on the group list in /proc/<pid>/status.
>
> Number 32 comes from the internal NGROUPS_SMALL macro which defines the
> length for the internal kernel "small" groups buffer. There is no apparent
> reason to limit to this value.
>
> This patch removes the 32 groups printing limit.
>
> The Linux kernel limits the amount of supplementary groups by NGROUPS_MAX,
> which is currently set to 65536. And this is the maximum count of groups we
> may possibly print.
>
> Signed-off-by: Artem Bityutskiy <artem.bityutskiy@...ux.intel.com>

The 'min' is older than git history, but at that dawn of time the code
was just sprintf()ing into a large buffer.

I don't *really* see a problem with this, though if someone did have 1000
groups /proc/$$/status would be sort of annoying to read. So on the one
hand adding a '...' in /proc/self/status after 32, and adding a
/proc/$$/creds file seems more pleasant, but then you get into the whole
adding files to /proc kerfuffle, so...

Acked-by: Serge E. Hallyn <serge.hallyn@...ntu.com>

> Cc: stable@...r.kernel.org
> ---
> fs/proc/array.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> NOTE: I consider this to be a bug which breaks user-space, so I add -stable.
> > diff --git a/fs/proc/array.c b/fs/proc/array.c > index c1c207c..bd31e02 100644 > --- a/fs/proc/array.c > +++ b/fs/proc/array.c > @@ -212,7 +212,7 @@ static inline void task_state(struct seq_file *m, struct pid_namespace *ns, > group_info = cred->group_info; > task_unlock(p); > > - for (g = 0; g < min(group_info->ngroups, NGROUPS_SMALL); g++) > + for (g = 0; g < group_info->ngroups; g++) > seq_printf(m, "%d ", > from_kgid_munged(user_ns, GROUP_AT(group_info, g))); > put_cred(cred); > -- > 1.7.7.6 >
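
Review bot: the new loop bound "g < group_info->ngroups" in task_state() leaves the group list line in /proc/<pid>/status with no cap other than the NGROUPS_MAX of 65536 that the commit message cites, so one line of the file can now carry tens of thousands of "%d " entries. The commit message should state that worst-case output size and say whether existing readers of the status file that use fixed-size line buffers were checked, since the patch is tagged for -stable and changes output that user space already parses. A short comment above the loop noting that the full list is printed on purpose would also keep the old min() from being reintroduced.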
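
A user-space check for the truncation the commit message describes, as an added example that is not part of the original thread or the kernel tree: it compares the Groups: line of a status dump with the authoritative list from getgroups(2). The function names and the sample data are constructed for illustration.

```python
import os


def parse_status_groups(status_text):
    """Return the GIDs on the 'Groups:' line of a /proc/<pid>/status dump."""
    for line in status_text.splitlines():
        if line.startswith("Groups:"):
            # The kernel prints each GID as "%d ", so splitting on
            # whitespace also copes with the trailing space and with a
            # process that has no supplementary groups at all.
            return [int(tok) for tok in line.split(":", 1)[1].split()]
    raise ValueError("no Groups: line in status text")


def missing_groups(status_text, actual_gids):
    """GIDs the process holds that the status dump does not show, sorted."""
    shown = set(parse_status_groups(status_text))
    return sorted(set(actual_gids) - shown)


def sample_status(gids, cap=None):
    """Constructed status text; cap=32 mimics the pre-patch printing limit."""
    shown = gids if cap is None else gids[:cap]
    groups = "".join("%d " % g for g in shown)
    return ("Name:\tdemo\nUid:\t1000\t1000\t1000\t1000\n"
            "Groups:\t%s\nVmPeak:\t1 kB\n" % groups)


if __name__ == "__main__":
    # Constructed case: a process in 40 supplementary groups.
    gids = list(range(1000, 1040))
    print("pre-patch, hidden:", missing_groups(sample_status(gids, cap=32), gids))
    print("post-patch, hidden:", missing_groups(sample_status(gids), gids))
    # Live check of the running kernel (Linux only).
    if os.path.exists("/proc/self/status"):
        with open("/proc/self/status") as f:
            print("this process, hidden:", missing_groups(f.read(), os.getgroups()))
```

A non-empty result on a live system means tooling that trusts the status file is under-reporting group membership for that process.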