NGROUP_MAX woes

Rick Franchuk (rickf@transpect.net)
Thu, 10 Dec 1998 08:04:40 -0800 (PST)


I've hunted around in FAQs and list archives, and have only seen one
reference to the issue I'm trying to solve. Please gently redirect me to an
appropriate FAQ or discourse if this is documented somewhere fully.

I'm currently trying to increase my maximum number of supplementary groups
from 32 to 256 under Redhat 5.2. Kernel rev is 2.0.36, glibc 2.0.7. I've
upped the value of NGROUPS_MAX to 256 in limits.h, and upped the value of
NGROUPS from 32 to 256 in asm/param.h... recompiled both kernel and library.
Just in case it was a shell bugbear, I also grabbed and installed the latest
bash. Here's what happens:

o When I try to 'su' to the http account, the following shows up:

victim:/usr/src/redhat/BUILD/glibc-2.0.7# su - http
su: cannot set groups: Invalid argument

o Even stranger from when I log in as the account... keep in mind that this
account SHOULD report over 100 group ids:

victim:~$ id
uid=80(http) gid=80(http) groups=0(root)

There's something definitely not right happening there... looks like the
NGROUP_MAX tweak also tickles some sort of bug somewhere which magically
gives me root group privs (might make a surprise for some unsuspecting
security auditor!)

I'm about to dive into kernel source (printk's at the ready!), but if
someone else has already managed to make this work and could offer me some
advice and save me the hassle I'd greatly appreciate it. I know it *can* be
done, because I was able to successfully handle this exact process under
2.0.23 and libc5.

... and if there isn't an established doc for this, maybe I'll slap
together a quick minifaq/walkthrough for it when the dust settles.

--
  __________________________________________
 |                                          |
 |  Rick Franchuk  -  TranSpecT Consulting  |
 |_______                            _______|
         \mailto:rickf@transpect.net/
          \_____ICQ_#_4435025______/
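
A consistency check for the symptoms described above, as an added example that is not part of the original message and not kernel or glibc code: it prints the supplementary-group limit the binary was compiled with beside the one the running system reports, then compares the groups the process actually holds with those the group database grants the account. `gids_not_in` is a hypothetical helper name.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE   /* exposes getgrouplist() on glibc */
#endif
#include <grp.h>
#include <limits.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: copy into `out` each gid of `have` that does not occur
 * in `want`; returns how many were copied. `out` must hold n_have entries. */
int gids_not_in(const gid_t *have, int n_have,
                const gid_t *want, int n_want, gid_t *out)
{
    int found = 0;
    for (int i = 0; i < n_have; i++) {
        int seen = 0;
        for (int j = 0; j < n_want && !seen; j++)
            seen = (have[i] == want[j]);
        if (!seen)
            out[found++] = have[i];
    }
    return found;
}

int main(void)
{
    long lim = sysconf(_SC_NGROUPS_MAX);
    printf("compiled NGROUPS_MAX=%ld, runtime limit=%ld\n", (long)NGROUPS_MAX, lim);
    if (lim < 1) lim = NGROUPS_MAX;               /* fall back to the header value */
    struct passwd *pw = getpwuid(geteuid());
    gid_t *actual = calloc(lim + 1, sizeof *actual);
    gid_t *expect = calloc(lim + 1, sizeof *expect);
    gid_t *diff = calloc(lim + 1, sizeof *diff);
    if (!pw || !actual || !expect || !diff)
        return 1;
    int n_actual = getgroups((int)lim, actual);   /* list the kernel holds */
    int n_expect = (int)lim + 1;                  /* capacity in, count out */
    if (n_actual < 0 ||
        getgrouplist(pw->pw_name, pw->pw_gid, expect, &n_expect) < 0)
        return 1;                                 /* list exceeds the limit */
    actual[n_actual++] = getegid();   /* getgroups() may omit the effective gid */
    int extra = gids_not_in(actual, n_actual, expect, n_expect, diff);
    for (int i = 0; i < extra; i++)
        printf("gid %ld held but not in the group database\n", (long)diff[i]);
    int missing = gids_not_in(expect, n_expect, actual, n_actual, diff);
    printf("%d unexpected, %d missing of %d expected\n", extra, missing, n_expect);
    return (extra || missing) ? 2 : 0;
}
```

Run as the account in question, an exit status of 2 means the process's group list and the group database disagree; a held gid of 0 on a non-root account would appear in the "held but not in the group database" lines.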
