ntsec patch #4: passwd and group

Pierre A. Humblet Pierre.Humblet@ieee.org
Tue Nov 12 09:02:00 GMT 2002

Corinna Vinschen wrote:
> I'm not sure if we're talking about the same static buffer. 

Right, we were not. What you propose is fine, with two 
1) Internal calls (from setuid, stat, etc... ) to getpwuid etc...
should not overwrite the static area 
2) The "maximum useful size" can be very large for the group 
entries. They can have a lot of names in the gr_mem field.

I have another suggestion that would allow keeping what we do now in the
non-reentrant  case (i.e. avoid doing the copying to the static buffer): 
simply never re-read the passwd file when called internally (from
setuid, stat, etc..). Only do it on application calls to pw/gr functions.
I think that's perfectly standard conformant and it won't break anything. 

> "The return value may point to a static area which is overwritten
>  by a subsequent call to getpwent(), getpwnam(), or getpwuid()."
I agree 100%, that's needed by my "other suggestion" above.

>  not required to be reentrant is not required to be thread-safe."
> IMHO that means, we don't even have to care for the mutex thingy.
I agree, we only need a mutex for the thread-safe routines.

> It's ok as it is.  
We still need to do something, either the "copy everything" or the
"don't reread for internal calls". The advantage of the "don't reread" 
is that it's faster (important for internal loops) and requires 
fewer changes. If you don't object I will look further into it,
but not urgently.
The multi-threaded case also needs some work.


More information about the Cygwin-developers mailing list