Bug 457519
| Summary: | groups_search() cannot handle large gid correctly | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 4 | Reporter: | masaya.hasegawa.hp <masaya.hasegawa> | ||||
| Component: | kernel | Assignee: | Jerome Marchand <jmarchan> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Petr Beňas <pbenas> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | medium | ||||||
| Version: | 4.7 | CC: | bressers, eteo, pbenas, pstehlik, pvrabec, syeghiay, thoger, vgoyal | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | i686 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 629626 629629 (view as bug list) | Environment: | |||||
| Last Closed: | 2011-02-16 16:00:17 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | |||||||
| Bug Blocks: | 629626, 629629 | ||||||
| Attachments: |
|
||||||
Created attachment 313181 [details]
patch
Since RHEL 4.8 External Beta has begun, and this bugzilla remains unresolved, it has been rejected as it is not proposed as exception or blocker. This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release. Committed in 89.44.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/ Reproduced in 2.6.9-89.43.EL and verified in 2.6.9-89.44.EL. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0263.html |
Description of problem: RHEL 4.7(X86) If user account over 0x7fffffff gid, groups_search(kernel/sys.c) does not work correctly. ex) $ whoami was $ id uid=502(was) gid=502(was) groups=502(was),600(oninstall),2151678465 (was2),2151678496(was3) $ ls -l /tmp drwxrwx--- 2 root oninstall 4096 Jul 29 13:56 aaa user "was" have "oninstall" gid and should be able to access /tmp/aaa But "was" cannot access /tmp/aaa $ ls -l /tmp/aaa ls: /tmp/aaa: Permission denied As a result of investigation, I think groups_search() function has a bug. The argument gid_t grp is unsigned int. However cmp is int. If gid is over 0x7fffffff(2147483647), value of cmp will become incorrect value. As a result, return value will be incorrect(0) also. /* a simple bsearch */ int groups_search(struct group_info *group_info, gid_t grp) { int left, right; if (!group_info) return 0; left = 0; right = group_info->ngroups; while (left < right) { int mid = (left+right)/2; int cmp = grp - GROUP_AT(group_info, mid); if (cmp > 0) left = mid + 1; else if (cmp < 0) right = mid; else return 1; } return 0; } Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. create account and set data to /etc/group so that it have the below gids. oninstall:x:600:test1,was,test2 was2:x:2151678465:was,test2 was3:x:2151678496:was was:x:502: $ id was uid=502(was) gid=502(was) groups=502(was),600(oninstall),2151678465 (was2),2151678496(was3) 2. #mkdir /tmp/aaa #chgrp oninstall /tmp/aaa 3. # su - was [was]$ ls -l /tmp/aaa ls: /tmp/aaa: Permission denied Actual results: ls fail with "Permission denied error" Expected results: ls success Additional info: I think this can be fixed by attachment way.