Red Hat Bugzilla – Bug 1028134
snapper: user/group name resolution
Last modified: 2018-04-17 03:19:56 EDT
_SC_GETPW_R_SIZE_MAX and _SC_GETGR_R_SIZE_MAX are only size *hints*. Their names are misleading, it is not a maximum size. snapperd should still loop around the getpwnam_r and getgrnam_r calls and allocate more memory as necessary (on the heap, not the stack). This is required so that users in many groups and groups with many users can access snapperd. Affected the functions get_user_uid and get_group_uids in server/MetaSnapper.cc.
We'll advise not to set ALLOW_USERS or ALLOW_GROUPS in snapper config anyway. It would bypass MAC and would expose files not visible to identities in ALLOW_*
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.
should have been Cond NAK only