From: Stefan Sperling
Subject: Re: fix gotd group auth
To: "Todd C. Miller"
Cc: gameoftrees@openbsd.org
Date: Thu, 17 Nov 2022 17:18:35 +0100

On Thu, Nov 17, 2022 at 09:03:52AM -0700, Todd C. Miller wrote:
> On Thu, 17 Nov 2022 10:03:36 +0100, Stefan Sperling wrote:
>
> > gotd group auth is broken. It matches against the groups of
> > the user running gotd instead of the user which is connecting
> > to the socket :-) Fix this and add tests for various cases
> > where gotd should deny repository read access.
>
> I don't think it makes sense to examine errno on getpwuid() failure.
> This should really be an unknown user kind of error.

These functions read files or yellow pages and can fail for reasons
such as i/o failures. Our getpwuid implementation sets errno on failure.

Since errno is not mentioned in the man page, I agree that we should
probably not check it. I ended up reading the implementation because
the man page was too vague. I have no idea how portable checking for
errno is in this case... :-/