Remainder :-)
Denys Vlasenko
vda.linux at googlemail.com
Sat Sep 27 14:45:47 UTC 2008
On Saturday 27 September 2008 16:00, Tito wrote:
> Hi Denys,
> maybe this patches slipped through as my cc to you get
> bounced by a spam filter that blacklisted my ip?
I received them. sorry about this delay.
> # [PATCH 1/3] add bb_getgrouplist_malloc to libbb Tito
> http://www.busybox.net/lists/busybox/2008-September/033078.html
> # [PATCH 2/3] port id to bb_getgrouplist_malloc + fixes Tito
> http://www.busybox.net/lists/busybox/2008-September/033079.html
Let's look at these two patches together.
Here:
if (username) {
-#if HAVE_getgrouplist
- int m;
-#endif
p = getpwnam(username);
/* xuname2uid is needed because it exits on failure */
uid = xuname2uid(username);
gid = p->pw_gid; /* in this case PRINT_REAL is the same */
-
-#if HAVE_getgrouplist
- n = 16;
- groups = NULL;
- do {
- m = n;
- groups = xrealloc(groups, sizeof(groups[0]) * m);
- getgrouplist(username, gid, groups, &n); /* GNUism? */
- } while (n > m);
-#endif
- } else {
-#if HAVE_getgrouplist
- n = getgroups(0, NULL);
- groups = xmalloc(sizeof(groups[0]) * n);
- getgroups(n, groups);
-#endif
}
+ group_list = bb_getgrouplist_malloc(uid, gid, NULL);
you replace getgrouplist() call with bb_getgrouplist_malloc().
bb_getgrouplist_malloc() iterates through the whole set of group records:
+ while((grp = getgrent())) {
...
+ while (*(grp->gr_mem)) {
...
+ }
+ }
This may be very expensive. I know for the fact than in big organizations
some groups are HUGE - I saw 500kbytes large "guests" group.
(nscd died horribly trying to digest such a large group.)
In these cases, user db is not in /etc/XXX files. It is in LDAP etc.
getgrouplist() may have a more clever way of retrieving this data -
instead of pulling megabytes from user datrabase by iterating through
all groups it may just directly query uer db "give me group list
of this user". Likely to be less than kilobyte of data.
There is no way around it. If you want to make sure you have at least
a fleeting chance of not performing horribly, you must use libc interfaces
fro retrieving group lists, of which there is two known to me:
initgroups (standard, but useless in many ceses) and getgrouplist (GNUism).
Then, *if* your libc is well-written, it will hopefully do it efficiently.
Secondly, make bloatcheck says:
function old new delta
bb_getgrouplist_malloc - 192 +192
print_single - 106 +106
print_group_list - 94 +94
decode_format_string 824 839 +15
...(deleted gcc-induced random jitter +/-9 bytes)...
printf_full 44 - -44
id_main 539 331 -208
------------------------------------------------------------------------------
(add/remove: 3/1 grow/shrink: 4/4 up/down: 418/-259) Total: 159 bytes
This does not seem to be a progress.
> # [PATCH 3/3] "euid and egid handling" (forgot the subject here ;-)
> http://www.busybox.net/lists/busybox/2008-September/033080.html
Patch 2 also mentions "+ fixes".
Can you send these fixes (dropping bb_getgrouplist_malloc() for now)?
Thanks.
--
vda
More information about the busybox
mailing list