> > 3) bad coding - the libutil routine that does getgrouplist/intgroups
> >    (forgotten its name) doesn't obey its man page and passes invalid
> >    data to the kernel.

in login_cap.c: 
...
int             
setusercontext(login_cap_t *lc, struct passwd *pwd,
               uid_t uid, u_int flags)
...

That function does all sorts of checks. I think that is
the one you are referring to.

>  
> > 4) enhancing the kernel to support indefinite numbers of groups

I would call this secondary ATM.

this is a simple demo that compares the two values:

--
/*-
 * qgrp: query group via sysconf
 *       demonstration program to query sysconf and NGROUPS_MAX
 */

#include <stdio.h>
#include <unistd.h>
#include <sys/syslimits.h>

int
main(void)
{
        long    groups;
        /*
         * note, in reality we would be passing in the
         * number of groups the user belongs to and
         * and comparing them via sysconf.
         */
        groups = sysconf(_SC_NGROUPS_MAX);

        if (groups <= NGROUPS_MAX) {
                printf("NGROUPS_MAX and _SC_NGROUPS_MAX are cool\n");
        } else {
                return -1;
        }
         
        return 0;
}
--

So, where would I "stick it" :-) This prints the value of 
Supplemental groups. Also this routine would need the user's
ngroups to compare to and then return -1 if there is a problem.


-- 
Jay Fink http://pyxis.homeunix.net/
NetBSD Developer http://www.netbsd.org/
Senior SysAdmin/Programmer, Ipsos http://www.ipsos.com/