Subject: Re: possible problem in getgrouplist (#groups > NGROUPS_MAX)
To: None <tech-userlevel@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: tech-userlevel
Date: 05/01/2002 00:32:50

On Tue, Apr 30, 2002 at 02:53:04PM -0700, Bill Studenmund wrote:
> On Tue, 30 Apr 2002, Tim Bandy wrote:
> 
> > I created a test account, and added that test account to more than
> > NGROUPS_MAX groups, which is 16.  This seems to cause initgroups to
> > return -1, which causes problems for (at least) both sshd and
> > telnetd.  Is this intended behavior?  If not, I believe that I have
> > found (at least part of) the problem in getgrouplist.c, and can
> > send-pr.
> 
> Not sure, but it actually doesn't sound like that bad a behavior. As
> counter-intuitive as that may sound, what else should we do if someone is
> in more than NGROUPS_MAX groups? Just pick a random 16 of them? By
> returning -1, we indicate that there's a (big) problem.
> 
> We probably should document this behavior though.

Would it be sensible to set the first NGROUPS_MAX and report -1?
Otherwise there could be a security problem
(as opposed to a DoS problem).

	David

-- 
David Laight: david@l8s.co.uk
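
The behaviour suggested in the reply above (store the first NGROUPS_MAX groups and still return -1), modelled as an added example that is not part of the thread and is not NetBSD's getgrouplist.c. The names demo_fill_groups and demo_session_allowed, the refuse-on-error caller policy, and the sample gids are all assumptions made for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

#define DEMO_NGROUPS_MAX 16 /* the limit quoted in the thread */

/* Constructed sample data: supplementary gids for two made-up accounts. */
static const gid_t demo_few[]  = { 200, 201, 202 };
static const gid_t demo_many[] = { 200, 201, 202, 203, 204, 205, 206, 207, 208,
                                   209, 210, 211, 212, 213, 214, 215, 216 };

/* Hypothetical stand-in for the lookup: store the primary gid, then the
 * supplementary gids, writing at most max entries. Returns 0 if all fit and
 * -1 on overflow; *stored is how many were written, so -1 still leaves the
 * first max entries in out[]. */
static int demo_fill_groups(gid_t primary, const gid_t *member_of, int n_member,
                            gid_t *out, int max, int *stored)
{
    int n = 0, rc = 0;
    if (max < 1) { *stored = 0; return -1; }
    out[n++] = primary;
    for (int i = 0; i < n_member; i++) {
        if (member_of[i] == primary)
            continue;          /* already stored as the primary group */
        if (n >= max) {
            rc = -1;           /* overflow: report it, keep what fits */
            break;
        }
        out[n++] = member_of[i];
    }
    *stored = n;
    return rc;
}

/* Caller side (assumed policy): treat -1 as fatal and refuse the session
 * instead of continuing with a partial group set. 1 = proceed, 0 = refuse. */
static int demo_session_allowed(gid_t primary, const gid_t *member_of, int n_member)
{
    gid_t groups[DEMO_NGROUPS_MAX];
    int stored = 0;
    return demo_fill_groups(primary, member_of, n_member, groups,
                            DEMO_NGROUPS_MAX, &stored) == 0;
}

int main(void)
{
    printf("3 groups: allowed=%d\n", demo_session_allowed(100, demo_few, 3));
    printf("17 groups: allowed=%d\n", demo_session_allowed(100, demo_many, 17));
    return 0;
}
```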