similar to: [Bug 787] Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd)

Linux has just raised the NGROUPS_MAX limit from 32 to 64k. In doing an audit of various tools, openssh turned up as having incorrect groups handling. Almost no user-space apps really care about NGROUPS_MAX. A proposed patch (untested, since the CVS build won't compile on my RH box.. :-/) : What think? Index: uidswap.c ===================================================================

http://bugzilla.mindrot.org/show_bug.cgi?id=787 Summary: Minor security problem due to use of deprecated NGROUPS_MAX in uidswap.c (sshd) Product: Portable OpenSSH Version: 3.7.1p2 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo:

Currently samba (2.0.6) relies on the NGROUPS_MAX define. This makes the number of allowed simultaneous (per-user) secondary groups a compile-time decision. $ find . -name \*.c | xargs grep NGROUPS ./source/lib/system.c: if (setlen > NGROUPS_MAX) { ./source/lib/replace.c: gid_t grouplst[NGROUPS_MAX]; ./source/lib/replace.c: while (i < NGROUPS_MAX &&

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

Currently openssh (3.4p1) relies on the NGROUPS_MAX define. This makes the number of allowed simultaneous (per-user) secondary groups a compile-time decision. $ find . -name \*.c | xargs grep NGROUPS_MAX ./groupaccess.c:static char *groups_byname[NGROUPS_MAX + 1]; /* +1 for base/primary group */ ./groupaccess.c: gid_t groups_bygid[NGROUPS_MAX + 1]; ./uidswap.c:static gid_t

I have an odd problem and I was wondering if anyone has ever run into this before. I have a machine running solaris 8, OpenSSH 3.1p1 and OpenSSL 0.9.6c and it has been working fine for quite some time (ssh that is). Today, /etc/system was updated to increase the maximum number of groups from 16 to 32. After the system was rebooted, things seemed to be working as expected, however one of our

Hi on FreeBSD it happens that without this patch the number of groups is limited to 32. Since we need a greater number of groups, we send this patch. Hope it is approved early. Bye diff -ruN /root/work/samba-3.2.8/source/lib/replace/system/passwd.h /usr/ports/net/samba32/work/samba-3.2.8/source/lib/replace/system/passwd.h --- /root/work/samba-3.2.8/source/lib/replace/system/passwd.h 2009-02-03

Hi: I get the occasional error below. Is there something I don't have configured correctly? Or should I just ignore this? It is not always this file, sometimes it is the cache.lock file or the log.newlock file. I have a mail client running on my computer and my phone at the same time, could that have something to do with it? Nov 10 08:32:59 rabbitbrush dovecot: IMAP(bob):

Hi , i have the problem if somebody is member of more than 32 (Unix) groups every group bigger than number 32 will be cut off Debug Example : [2002/08/21 09:57:51, 3] smbd/sec_ctx.c:set_sec_ctx(319) 32 user groups: 500 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 [2002/08/21 09:57:51, 3]

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > Message: 5 > Date: 15 Aug 2003 08:14:58 -0500 > From: "Azelton Sean (RBNA/CIT1)" <sean.azelton@us.bosch.com> > Subject: [Samba] Repost: group membership limitations and Linux kernel > To: samba@lists.samba.org > Message-ID: <1060953297.1972.1.camel@sbdgecko.sbd.us.bosch.com> > Content-Type: text/plain >

My company, which is a mac-heavy shop in the printing industry, needed to migrate to a faster file server. As our directory trees are very large, both Samba, and Netatalk were bogging down badly on our Linux server (Samba, due to heavy CPU usage during directory listings - the case-sensitive file system issue, and netatalk because the cnid db was getting too big). Our solution was to switch to a

Hi all, I'm having an issue with Samba 3.6.4 on Solaris using Active Directory with a Windows Server 2008 domain controller. I should state early on that I do not believe this is a manifestation of the Solaris 16 group limit - the number of groups is well below 16. Winbind seems to be working fine - I can use wbinfo -r to check the groups that a user is a member of, it returns the list of

I am trying to debug some core dump problems. I should be able to run imap by itself right? How to fix? # ./imap imap(root): Fatal: setgroups() failed: Too many extra groups I am using latest nightly code.

Hi, I have a data set like this: Mutant Rep Time OD 02H02 1 0 0.029 02H02 2 0 0.029 02H02 3 0 0.023 02H02 1 8 0.655 02H02 2 8 0.615 02H02 3 8 0.557 02H02 1 12 1.776 02H02 2 12 1.859 02H02 3 12 1.668 02H02 1 16 3.379 02H02 2 16 3.726 02H02 3 16 3.367 306 1 0 0.033 306 2

Dear R-users, A while ago, Deepayan Sarkar suggested some code that uses the group argument in bwplot to create some 'side-by-side' boxplots (https://stat.ethz.ch/pipermail/r-help/2010-February/230065.html). The example he gave was relatively specific and I wanted to generalize his approach into a function. Unfortunately, I seem to have some issues passing the correct arguments to the

> *** openbsd-compat/bsd-nextstep.h.orig Sun Feb 4 00:16:16 2001 > --- openbsd-compat/bsd-nextstep.h Sun Feb 4 00:19:09 2001 > *************** > *** 48,52 **** > --- 48,56 ---- > speed_t cfgetispeed(const struct termios *t); > int cfsetospeed(struct termios *t, int speed); > int cfsetispeed(struct termios *t, int speed); > + > + /* LIMITS */ > + #define

Greetings, Have built and have Samba 4.4.5 running on my test Solaris 10 server. Works just fine on there. It is set in /etc/system with ngroups_max=32 and is running as a member server in my university's AD domain. This morning trying to install 4.4.5 on a production server that had been running samba 3.6 - not "upgrade" but left the domain, installed the newer version of

# cat /proc/sys/kernel/ngroups_max 65536 # sysctl kernel.ngroups_max kernel.ngroups_max = 65536 Is there a way to change/look at AUTH_SYS? Seems I have 28 groups now as my user I tried created a test user with much less groups but it turns out it is on all those other groups. As such I tried winbind nested groups=no but this doesn't seem to change anything. On Tue, Dec 8, 2015 at 5:05

hello everyone, i'm not even sure there is something wrong with samba here but im taking all chances... i have a linux samba server and 3 winXP prof pcs in my setup. now from one of the winxp boxes i can not seem to access my shares on the server. that is when i try to go through network neighborhood path. the message that is returned is : \\stargaze is not accessible. You may not have

Hi, I'm trying to create a new Samba server to share files. We currently have an instance of Samba 3.6 on another server which we are using but need to retire that server. I recently set up a new AD domain on Samba 4.3.11 on Ubuntu 16.04. There are two domain controllers. Most of the PCs are joined to this AD domain. Our user accounts and group memberships are maintained in an LDAP