This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option

From: "Andrew J. Schorr" <ajschorr at alumni dot princeton dot edu>
To: Jeff Layton <jlayton at redhat dot com>
Cc: Chuck Lever <chucklever at gmail dot com>, Steve Dickson <SteveD at redhat dot com>,libc-alpha at sourceware dot org,libtirpc <libtirpc-devel at lists dot sourceforge dot net>
Date: Sat, 18 Dec 2010 18:55:17 -0500
Subject: Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
References: <AANLkTi=FNANqAs5m3xbZcQq5K0vMtZBb1+KU9pWC9K8_@mail.gmail.com><20101218191228.GA31697@ti93.telemetry-investments.com><AANLkTin8Z-+M03r3xJEyNV4HYTdZETyfwb0m4ghmRRDX@mail.gmail.com><20101218210837.GA21631@caradoc.them.org><AANLkTi=ADgqSAbTwZpR5EKn7yd=pNRYamFT=iLxAf19r@mail.gmail.com><20101218222313.GA7435@ti93.telemetry-investments.com><AANLkTinnzN6MBbKe=VddZaNGem7131DiGnZ3KgYcuy6R@mail.gmail.com><20101218224412.GA9764@ti93.telemetry-investments.com><AANLkTinAcgJcZaJo7DqaPz3YrGO47GgT_sj_o26-7sHn@mail.gmail.com><20101218184459.240b3560@corrin.poochiereds.net>

On Sat, Dec 18, 2010 at 06:44:59PM -0500, Jeff Layton wrote:
> I can see arguments for either way. On the one hand, people porting to
> libtirpc are likely to be fixing code anyway -- fixing this ought to be
> doable at the same time. It's really not hard to call setgroups to fix
> up the groups list before you call this function.

When I originally reported the security issue with rpcbind that the -i option
opens up too many things, Chuck said it would be a simple recompile to build
with libtirpc and obviate that problem.  But you seem to be saying that
significant porting is required.  Is there a document somewhere describing the
issues that may arise in porting from glibc's rpc API to libtirpc?

It took me quite some time to chase down this getgroups issue.  My
application SEGV'ed, and I ultimately tracked it down after a lot
of guesswork.  The incompatibilies might not be so bad if they were
clearly documented somewhere -- perhaps /usr/share/doc/libtirpc/PORTING
is needed?

Regards,
Andy

References:
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Chuck Lever
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Andrew J. Schorr
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Chuck Lever
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Daniel Jacobowitz
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Chuck Lever
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Andrew J. Schorr
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Chuck Lever
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Andrew J. Schorr
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Chuck Lever
- Re: [Libtirpc-devel] Fwd: Re: proposed patch to rpcbind to providefiner-grained security controls than offered by the -i option
  - From: Jeff Layton

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]