ntsec patch #4: passwd and group

Pierre A. Humblet Pierre.Humblet@ieee.org
Wed Nov 20 08:28:00 GMT 2002


Corinna Vinschen wrote:

> The problem I'm talking about is beyond this patch.  Just reiterating
> (so we know that we're talking about the same):
> 
> We talked about the need to use a static buffer in the external
> getpwXXX and getgrXXX functions to allow apps to use the last return
> value (a pointer) even though the file is going to be reread which
> destroys all buffer space.  If Cygwin calls these functions internally,
> the static buffers would be overwritten and the application itself
> gets false data.
> 
> As you say, we need to substitute all internal calls to getpwXXX and
> getgrXXX funcs (except getXXsid, of course) by calling appropriate
> internal functions as internal_getpwuid().  Then we should be safe again.

...and we don't need to change anything to the external functions 
   (so we know that we're talking about the same).
  See below.

> Probably it would make sense to rename getXXsid() funcs to
> internal_getXXsid now to have a consistent naming scheme?

Yes.
 
> I patched your patch already slightly:

Thanks.
 
> How would you like to remove LookupAccountSidA?  Just remove it and
> debug_printf ("Failed to get primary group name.") ?

OK, the debug printf can be removed too, the result will be visible in the
other debug_printf below.
A more ambitious way is to see if the sid is local or not. If it is local we
can safely call LookupAccountSidA.
 
> Rewriting the external funcs and creating and using the internal funcs
> is ok for another patch.

Glad we talk! The external non multithread functions are already OK (i.e. POSIX), 
as long as we have the new internal functions.
In other words, if the internal functions don't reread the files, then there
is no need for new static buffers. The existing buffers can only be wiped out
on the next external call, which is OK.

The multithread issues are still outside the next patch.

Pierre



More information about the Cygwin-patches mailing list