You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
User max is member of a group with GID 2709991565.
Running id max, nsncd (unstable-2022-11-14 from nixpkgs 96f8f4a038a190f7511da79ef7e77bec5e4b811a) returns:
This might be a long shot but do you have a reasonable way to reproduce this in a test? I'm not really sure how to construct this scenario in a lab-like environment in order for us to figure out what's going on, but maybe you know how groups work better than I do?
You can reproduce it by creating a local group with a GID of 2147483648 and adding a user to that group, then running id on that user. nsncd always prints the error, but it looks like glibc has a fallback mechanism in which it'll read /etc/group by itself in case it doesn't get a response from the daemon. To prevent this and actually see the client be affected by the bug, you can use bwrap to hide /etc/group from the client process:
bwrap --bind / / --bind /dev/null /etc/group id theuser
I also made a simple patch that just replaces an i32 with a u32 in the serialize_initgroups function.
The NixOS test runs two VMs, with an unpatched and a patched version of nsncd respectively, and performs the test with id described above, proving that the patch fixes the issue at least in this particular scenario. I assume there are probably more places in the code where i32 is used but u32 would be the correct type.
Originally reported in a fork.
User
max
is member of a group with GID 2709991565.Running
id max
,nsncd
(unstable-2022-11-14 from nixpkgs96f8f4a038a190f7511da79ef7e77bec5e4b811a
) returns:nscd
returns:Log for
nsncd
shows this error message:Users with GIDs <= 2147483647 get their groups listed correctly, so I'm guessing this is a signed vs. unsigned issue.
The text was updated successfully, but these errors were encountered: