Re: getgrouplist(3) vs. getgroups(3)

From: Roland Illig <roland illig gmx de>
To: MC Devel <mc-devel gnome org>
Subject: Re: getgrouplist(3) vs. getgroups(3)
Date: Fri, 22 Jul 2005 22:39:44 +0200

Roland Illig wrote:

I updated the patch.

And I updated it once again. There's nothing completely new, just a fewcosmetic changes. The changes are:


- geteuid() is used instead of getuid().
- getegid() is added to the groups[], even if getgroups() fails.
  But as it won't fail, there's no effective change.

For the other changes, see the detailed analysis below.

+    if (!initialized) {
+	uid = getuid ();
+	ngroups = getgroups (0, NULL);
+	if (ngroups != -1) {
+	    groups = g_new (gid_t, ngroups + 1);
+	    ngroups = getgroups (ngroups, groups);
+
+	    /* getgroups() may or may not return the effective group ID,
+	     * so we always include it at the end of the list. */
+	    if (ngroups >= 0) {
+		groups[ngroups++] = getegid();
+	    }
+	}
+	initialized = TRUE;
+    }


    if (!initialized) {
	uid = geteuid ();

-- Here I chose geteuid() instead of getuid(), because it's
-- the effective user ID which is used for the permissions.

	ngroups = getgroups (0, NULL);
	if (ngroups == -1)
	    ngroups = 0;	/* ignore errors */

-- It is very unlikely that getgroups() fails, and I could have
-- also used assert() for it. But for now, let's just assume
-- we have no additional groups if this call fails.

	/* allocate space for one element in addition to what
	 * will be filled by getgroups(). */
	groups = g_new (gid_t, ngroups + 1);

-- Nevertheless, also in the failing case we allocate a GID array,
-- which then will only contain one entry -- the EGID.

	if (ngroups != 0) {

-- Make sure getgroups() is not called with ngroups == 0, because
-- otherwise the return value might be > 0.

	    ngroups = getgroups (ngroups, groups);

-- Here I assume that the value returned by this call will not be
-- greater than the value from the call above. If there is no
-- thread calling setgroups() in between, this should definitely
-- be ok.

	    if (ngroups == -1)
		ngroups = 0;	/* ignore errors */
	}

-- groups[] has at least ngroups + 1 entries. ngroups of them are
-- filled by getgroups(), and the last one is still free.

	/* getgroups() may or may not return the effective group ID,
	 * so we always include it at the end of the list. */
	groups[ngroups++] = getegid ();

	initialized = TRUE;
    }


Roland

Follow-Ups:
- Re: getgrouplist(3) vs. getgroups(3)
  - From: Leonard den Ottolander

References:
- getgrouplist(3) vs. getgroups(3)
  - From: Roland Illig
- Re: getgrouplist(3) vs. getgroups(3)
  - From: Roland Illig
- Re: getgrouplist(3) vs. getgroups(3)
  - From: Roland Illig
- Re: getgrouplist(3) vs. getgroups(3)
  - From: Jakub Jelinek
- Re: getgrouplist(3) vs. getgroups(3)
  - From: Roland Illig

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]