From: Djalal Harouni <tixxdz@opendz.org>
Date: Mon, 24 Oct 2016 11:13:06 +0000 (+0200)
Subject: core: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466)
X-Git-Tag: v232~47
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=366ddd252ed25397ead209228b48c5eef93ced2e;p=thirdparty%2Fsystemd.git

core: do not assert when sysconf(_SC_NGROUPS_MAX) fails (#4466)

Remove the assert and check the return code of sysconf(_SC_NGROUPS_MAX).

_SC_NGROUPS_MAX maps to NGROUPS_MAX which is defined in <limits.h> to
65536 these days. The value is a sysctl read-only
/proc/sys/kernel/ngroups_max and the kernel assumes that it is always
positive otherwise things may break. Follow this and support only
positive values for all other case return either -errno or -EOPNOTSUPP.

Now if there are systems that want to re-write NGROUPS_MAX then they
should not pass SupplementaryGroups= in units even if it is empty, in
this case nothing fails and we just ignore supplementary groups. However
if SupplementaryGroups= is passed even if it is empty we have to assume
that there will be groups manipulation from our side or the kernel and
since the kernel always assumes that NGROUPS_MAX is positive, then
follow that and support only positive values.
---

diff --git a/src/core/execute.c b/src/core/execute.c
index a9b2b8f299a..53356c3c06b 100644
--- a/src/core/execute.c
+++ b/src/core/execute.c
@@ -788,6 +788,19 @@ static int get_fixed_supplementary_groups(const ExecContext *c,
         if (!c->supplementary_groups)
                 return 0;
 
+        /*
+         * If SupplementaryGroups= was passed then NGROUPS_MAX has to
+         * be positive, otherwise fail.
+         */
+        errno = 0;
+        ngroups_max = (int) sysconf(_SC_NGROUPS_MAX);
+        if (ngroups_max <= 0) {
+                if (errno > 0)
+                        return -errno;
+                else
+                        return -EOPNOTSUPP; /* For all other values */
+        }
+
         /*
          * If user is given, then lookup GID and supplementary group list.
          * We avoid NSS lookups for gid=0.
@@ -800,8 +813,6 @@ static int get_fixed_supplementary_groups(const ExecContext *c,
                 keep_groups = true;
         }
 
-        assert_se((ngroups_max = (int) sysconf(_SC_NGROUPS_MAX)) > 0);
-
         l_gids = new(gid_t, ngroups_max);
         if (!l_gids)
                 return -ENOMEM;