Description of problem: RHEL 4.7(X86) If user account over 0x7fffffff gid, groups_search(kernel/sys.c) does not work correctly. ex) $ whoami was $ id uid=502(was) gid=502(was) groups=502(was),600(oninstall),2151678465 (was2),2151678496(was3) $ ls -l /tmp drwxrwx--- 2 root oninstall 4096 Jul 29 13:56 aaa user "was" have "oninstall" gid and should be able to access /tmp/aaa But "was" cannot access /tmp/aaa $ ls -l /tmp/aaa ls: /tmp/aaa: Permission denied As a result of investigation, I think groups_search() function has a bug. The argument gid_t grp is unsigned int. However cmp is int. If gid is over 0x7fffffff(2147483647), value of cmp will become incorrect value. As a result, return value will be incorrect(0) also. /* a simple bsearch */ int groups_search(struct group_info *group_info, gid_t grp) { int left, right; if (!group_info) return 0; left = 0; right = group_info->ngroups; while (left < right) { int mid = (left+right)/2; int cmp = grp - GROUP_AT(group_info, mid); if (cmp > 0) left = mid + 1; else if (cmp < 0) right = mid; else return 1; } return 0; } Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1. create account and set data to /etc/group so that it have the below gids. oninstall:x:600:test1,was,test2 was2:x:2151678465:was,test2 was3:x:2151678496:was was:x:502: $ id was uid=502(was) gid=502(was) groups=502(was),600(oninstall),2151678465 (was2),2151678496(was3) 2. #mkdir /tmp/aaa #chgrp oninstall /tmp/aaa 3. # su - was [was]$ ls -l /tmp/aaa ls: /tmp/aaa: Permission denied Actual results: ls fail with "Permission denied error" Expected results: ls success Additional info: I think this can be fixed by attachment way.
Created attachment 313181 [details] patch
Since RHEL 4.8 External Beta has begun, and this bugzilla remains unresolved, it has been rejected as it is not proposed as exception or blocker.
Posted: http://post-office.corp.redhat.com/archives/rhkernel-list/2010-September/msg00375.html
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Committed in 89.44.EL . RPMS are available at http://people.redhat.com/vgoyal/rhel4/
Reproduced in 2.6.9-89.43.EL and verified in 2.6.9-89.44.EL.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2011-0263.html