| Summary: | large groups using db auth don't appear to be added to user | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Kevin Fenzi <kevin> | ||||
| Component: | nss_db | Assignee: | Nalin Dahyabhai <nalin> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | BaseOS QE Security Team <qe-baseos-security> | ||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | urgent | ||||||
| Version: | 6.1 | CC: | a.badger, aoliva, cww, dpal, ksrot, mfranc, msvoboda, omoris, prc, rdassen, syeghiay | ||||
| Target Milestone: | rc | Keywords: | Patch, Regression, ZStream | ||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | nss_db-2.2.3-0.5.pre1.el6 | Doc Type: | Bug Fix | ||||
| Doc Text: |
The previous update of nss_db attempted to fix a bug, which under certain circumstances prevented multi-threaded applications from obtaining complete lists of user's supplemental group memberships. This problem was not completely fixed due to an internal error that occurred when using an insufficiently large temporary buffer to parse a group entry with a large list of users. This update resolves the issue by resetting the buffer's contents after the buffer has been resized. Large group lists are thus correctly parsed and the entire list of user's supplemental groups is now correctly listed in this scenario.
|
Story Points: | --- | ||||
| Clone Of: | |||||||
| : | 1174702 (view as bug list) | Environment: | |||||
| Last Closed: | 2012-10-09 12:44:05 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | |||||||
| Bug Blocks: | 788668 | ||||||
| Attachments: |
|
||||||
|
Description
Kevin Fenzi
2011-11-04 19:45:31 UTC
The next largest group is 4798 users (a subset of the 5130 user group). This group is currently being added to users' groups properly. Since RHEL 6.2 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. I've just tested a group with 8K+ members with glibc 2.15-ish, that has nss db support built in, and it worked fine; as of glibc 2.12, this was not built in, and it was the separate component nss_db that provided this feature. Reassigning to the correct component. Created attachment 556127 [details]
proposed patch
*** Bug 787382 has been marked as a duplicate of this bug. *** This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Technical note added. If any revisions are required, please edit the "Technical Notes" field
accordingly. All revisions will be proofread by the Engineering Content Services team.
New Contents:
The previous update of nss_db attempted to fix a bug, which under certain circumstances prevented multi-threaded applications from obtaining complete lists of user's supplemental group memberships. This problem was not completely fixed due to an internal error that occurred when using an insufficiently large temporary buffer to parse a group entry with a large list of users. This update resolves the issue by resetting the buffer's contents after the buffer has been resized. Large group lists are thus correctly parsed and the entire list of user's supplemental groups is now correctly listed in this scenario.
Since this is a parent bug of an issue that has already been released via Z-Stream (e.g. rhel-6.3.z), this bug is going to be CLOSED as CURRENTRELEASE. This bug was open to ensure that the fix would be included if we should update the package in a Y stream. I don't believe that it should have been closed. |