Authentication of lechatp...
Password:
XPath error : Invalid predicate
//role[users/user[@name="lechatp"]/commands/command/text()='bin/capable -c 'echo bobo'' or count(users/user[@name="lechatp" and count(commands)=0])>0]
^
XPath error : Invalid expression
//role[users/user[@name="lechatp"]/commands/command/text()='bin/capable -c 'echo bobo'' or count(users/user[@name="lechatp" and count(commands)=0])>0]
^
XPath error : Invalid predicate
XPath error : Invalid expression
Command is not found in configuration or not allowed: Success

ansi_term is Unmaintained

The maintainer has advised that this crate is deprecated and will not receive any maintenance.

The crate does not seem to have much dependencies and may or may not be ok to use as-is.

Last release seems to have been three years ago.

Possible Alternative(s)

The below list has not been vetted in any way and may or may not contain alternatives;

• anstyle
• console
• nu-ansi-term
• owo-colors
• stylish
• yansi

Dependency Specific Migration(s)

• structopt, clap2

See advisory page for additional details.

Potential segfault in the time crate

Impact

Unix-like operating systems may segfault due to dereferencing a dangling pointer in specific circumstances. This requires an environment variable to be set in a different thread than the affected functions. This may occur without the user's knowledge, notably in a third-party library.

The affected functions from time 0.2.7 through 0.2.22 are:

• time::UtcOffset::local_offset_at
• time::UtcOffset::try_local_offset_at
• time::UtcOffset::current_local_offset
• time::UtcOffset::try_current_local_offset
• time::OffsetDateTime::now_local
• time::OffsetDateTime::try_now_local

The affected functions in time 0.1 (all versions) are:

• at
• at_utc
• now

Non-Unix targets (including Windows and wasm) are unaffected.

Patches

Pending a proper fix, the internal method that determines the local offset has been modified to always return None on the affected operating systems. This has the effect of returning an Err on the try_* methods and UTC on the non-try_* methods.

Users and library authors with time in their dependency tree should perform cargo update, which will pull in the updated, unaffected code.

Users of time 0.1 do not have a patch and should upgrade to an unaffected version: time 0.2.23 or greater or the 0.3 series.

Workarounds

A possible workaround for crates affected through the transitive dependency in chrono, is to avoid using the default oldtime feature dependency of the chrono crate by disabling its default-features and manually specifying the required features instead.

Examples:

Cargo.toml:

chrono = { version = "0.4", default-features = false, features = ["serde"] }

chrono = { version = "0.4.22", default-features = false, features = ["clock"] }

Commandline:

cargo add chrono --no-default-features -F clock

Sources:

• chronotope/chrono#602 (comment)
• vityafx/serde-aux#21

See advisory page for additional details.

Any GUI program won't work (firefox, gedit etc.)
Any program uses environnment variable will work (example : gcc)

Hello, When trying to compile the ebpf folder I got a lot of union def error on Ubuntu 16.04.6 LTS. Any idea on what could cause this?

Best, Thomas F.

tflayols@obamisan:ebpf$ make
make: stat: obj/bpf.o : Permission non accordée
gcc -O2 -Wall -pedantic -I ./ -g -o obj/bpf.o -c src/bpf.c
In file included from src/bpf.c:22:0:
src/bpf.h:46:58: warning: ISO C forbids forward references to ‘enum’ types [-Wpedantic]
 int bpf_prog_attach(int prog_fd, int attachable_fd, enum bpf_attach_type type,
                                                          ^
src/bpf.h:47:7: warning: ‘enum bpf_attach_type’ declared inside parameter list
       unsigned int flags);
       ^
src/bpf.h:47:7: warning: its scope is only this definition or declaration, which is probably not what you want
src/bpf.h:48:45: warning: ISO C forbids forward references to ‘enum’ types [-Wpedantic]
 int bpf_prog_detach(int attachable_fd, enum bpf_attach_type type);
                                             ^
src/bpf.h:48:45: warning: ‘enum bpf_attach_type’ declared inside parameter list
src/bpf.c: In function ‘bpf_create_map’:
src/bpf.c:62:6: error: ‘union bpf_attr’ has no member named ‘map_flags’
  attr.map_flags = map_flags;
      ^
src/bpf.c: At top level:
src/bpf.c:165:54: warning: ISO C forbids forward references to ‘enum’ types [-Wpedantic]
 int bpf_prog_attach(int prog_fd, int target_fd, enum bpf_attach_type type,
                                                      ^
src/bpf.c:166:7: warning: ‘enum bpf_attach_type’ declared inside parameter list
       unsigned int flags)
       ^
src/bpf.c:165:70: error: parameter 3 (‘type’) has incomplete type
 int bpf_prog_attach(int prog_fd, int target_fd, enum bpf_attach_type type,
                                                                      ^
src/bpf.c: In function ‘bpf_prog_attach’:
src/bpf.c:171:6: error: ‘union bpf_attr’ has no member named ‘target_fd’
  attr.target_fd = target_fd;
      ^
src/bpf.c:172:6: error: ‘union bpf_attr’ has no member named ‘attach_bpf_fd’
  attr.attach_bpf_fd = prog_fd;
      ^
src/bpf.c:173:6: error: ‘union bpf_attr’ has no member named ‘attach_type’
  attr.attach_type = type;
      ^
src/bpf.c:174:6: error: ‘union bpf_attr’ has no member named ‘attach_flags’
  attr.attach_flags = flags;
      ^
src/bpf.c:176:17: error: ‘BPF_PROG_ATTACH’ undeclared (first use in this function)
  return sys_bpf(BPF_PROG_ATTACH, &attr, sizeof(attr));
                 ^
src/bpf.c:176:17: note: each undeclared identifier is reported only once for each function it appears in
src/bpf.c: At top level:
src/bpf.c:179:41: warning: ISO C forbids forward references to ‘enum’ types [-Wpedantic]
 int bpf_prog_detach(int target_fd, enum bpf_attach_type type)
                                         ^
src/bpf.c:179:41: warning: ‘enum bpf_attach_type’ declared inside parameter list
src/bpf.c:179:57: error: parameter 2 (‘type’) has incomplete type
 int bpf_prog_detach(int target_fd, enum bpf_attach_type type)
                                                         ^
src/bpf.c: In function ‘bpf_prog_detach’:
src/bpf.c:184:6: error: ‘union bpf_attr’ has no member named ‘target_fd’
  attr.target_fd = target_fd;
      ^
src/bpf.c:185:6: error: ‘union bpf_attr’ has no member named ‘attach_type’
  attr.attach_type = type;
      ^
src/bpf.c:187:17: error: ‘BPF_PROG_DETACH’ undeclared (first use in this function)
  return sys_bpf(BPF_PROG_DETACH, &attr, sizeof(attr));
                 ^
src/bpf.c: In function ‘bpf_prog_attach’:
src/bpf.c:177:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^
src/bpf.c: In function ‘bpf_prog_detach’:
src/bpf.c:188:1: warning: control reaches end of non-void function [-Wreturn-type]
 }
 ^
Makefile:61 : la recette pour la cible « obj/bpf.o » a échouée
make: *** [obj/bpf.o] Erreur 1

Issue

When creating a role with insufficient parameters (no users/groups), the role created is incorrect.

Command

addrole test cap_dac_override -c ls

Result

<role name="test">
      <capabilities>
        <capability>cap_sys_admin</capability>
      </capabilities>
      <commands>
        <command>ls</command>
      </commands>
</role>

Expected Result

An error, Respecting the DTD, role must have actor to have command.

Describe the bug
Saving created Roles via chsr is not working.

Error Message:
unable to retrieve allow-root

tried it with several users (root, personal account)

Desktop (please complete the following information):

• OS: Redhat Enterprise Linux
• Version 8

Issue
I tried RootAsRole on an RHEL 8 Host.
The tool capable only gives empty output:

Here's all capabilities intercepted for this program :

WARNING: These capabilities aren't mandatory, but can change the behavior of tested program.
WARNING: CAP_SYS_ADMIN is rarely needed and can be very dangerous to grant

I think it does not work with the RHEL kernel ?

To Reproduce
execute the command on rhel, example capable yum update -y
.

Desktop (please complete the following information):

• OS: Redhat Enterprise Linux
• Version 8

on Ubuntu 16.04 HP portable desktop :
jacksparrow@ubuntu $ sr -c "echo bobo"

Authentication of jacksparrow...
Password:
*** Error in `sr': malloc(): memory corruption: 0x0000000000c69c40 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x777e5)[0x7fd3bcf4f7e5]
/lib/x86_64-linux-gnu/libc.so.6(+0x8213e)[0x7fd3bcf5a13e]
/lib/x86_64-linux-gnu/libc.so.6(__libc_malloc+0x54)[0x7fd3bcf5c184]
/usr/lib/x86_64-linux-gnu/libxml2.so.2(xmlXPathNewContext+0x17)[0x7fd3bd35afa7]
sr[0x403d81]
sr[0x40419c]
sr[0x402f09]
sr[0x405bf5]
sr[0x405477]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf0)[0x7fd3bcef8830]
sr[0x401eb9]
======= Memory map: ========
00400000-00408000 r-xp 00000000 b3:02 269591 /usr/bin/sr
00608000-00609000 r--p 00008000 b3:02 269591 /usr/bin/sr
00609000-0060a000 rw-p 00009000 b3:02 269591 /usr/bin/sr
00c4e000-00c80000 rw-p 00000000 00:00 0 [heap]
7fd3b4000000-7fd3b4021000 rw-p 00000000 00:00 0
7fd3b4021000-7fd3b8000000 ---p 00000000 00:00 0
7fd3b8229000-7fd3b8230000 r-xp 00000000 b3:02 1439002 /lib/x86_64-linux-gnu/librt-2.23.so
7fd3b8230000-7fd3b842f000 ---p 00007000 b3:02 1439002 /lib/x86_64-linux-gnu/librt-2.23.so
7fd3b842f000-7fd3b8430000 r--p 00006000 b3:02 1439002 /lib/x86_64-linux-gnu/librt-2.23.so
7fd3b8430000-7fd3b8431000 rw-p 00007000 b3:02 1439002 /lib/x86_64-linux-gnu/librt-2.23.so
7fd3b8c43000-7fd3b8c5b000 r-xp 00000000 b3:02 1439062 /lib/x86_64-linux-gnu/libpthread-2.23.so
7fd3b8c5b000-7fd3b8e5a000 ---p 00018000 b3:02 1439062 /lib/x86_64-linux-gnu/libpthread-2.23.so
7fd3b8e5a000-7fd3b8e5b000 r--p 00017000 b3:02 1439062 /lib/x86_64-linux-gnu/libpthread-2.23.so
7fd3b8e5b000-7fd3b8e5c000 rw-p 00018000 b3:02 1439062 /lib/x86_64-linux-gnu/libpthread-2.23.so
7fd3b8e5c000-7fd3b8e60000 rw-p 00000000 00:00 0
7fd3b9745000-7fd3b9750000 r-xp 00000000 b3:02 1439072 /lib/x86_64-linux-gnu/libnss_files-2.23.so
7fd3b9750000-7fd3b994f000 ---p 0000b000 b3:02 1439072 /lib/x86_64-linux-gnu/libnss_files-2.23.so
7fd3b994f000-7fd3b9950000 r--p 0000a000 b3:02 1439072 /lib/x86_64-linux-gnu/libnss_files-2.23.so
7fd3b9950000-7fd3b9951000 rw-p 0000b000 b3:02 1439072 /lib/x86_64-linux-gnu/libnss_files-2.23.so
7fd3b9951000-7fd3b9957000 rw-p 00000000 00:00 0
7fd3b9957000-7fd3b9962000 r-xp 00000000 b3:02 1439065 /lib/x86_64-linux-gnu/libnss_nis-2.23.so
7fd3b9962000-7fd3b9b61000 ---p 0000b000 b3:02 1439065 /lib/x86_64-linux-gnu/libnss_nis-2.23.so
7fd3b9b61000-7fd3b9b62000 r--p 0000a000 b3:02 1439065 /lib/x86_64-linux-gnu/libnss_nis-2.23.so
7fd3b9b62000-7fd3b9b63000 rw-p 0000b000 b3:02 1439065 /lib/x86_64-linux-gnu/libnss_nis-2.23.so
7fd3b9b63000-7fd3b9b79000 r-xp 00000000 b3:02 1439070 /lib/x86_64-linux-gnu/libnsl-2.23.so
7fd3b9b79000-7fd3b9d78000 ---p 00016000 b3:02 1439070 /lib/x86_64-linux-gnu/libnsl-2.23.so
7fd3b9d78000-7fd3b9d79000 r--p 00015000 b3:02 1439070 /lib/x86_64-linux-gnu/libnsl-2.23.so
7fd3b9d79000-7fd3b9d7a000 rw-p 00016000 b3:02 1439070 /lib/x86_64-linux-gnu/libnsl-2.23.so
7fd3b9d7a000-7fd3b9d7c000 rw-p 00000000 00:00 0
7fd3b9d7c000-7fd3b9d84000 r-xp 00000000 b3:02 1444324 /lib/x86_64-linux-gnu/libnss_compat-2.23.so
7fd3b9d84000-7fd3b9f83000 ---p 00008000 b3:02 1444324 /lib/x86_64-linux-gnu/libnss_compat-2.23.so
7fd3b9f83000-7fd3b9f84000 r--p 00007000 b3:02 1444324 /lib/x86_64-linux-gnu/libnss_compat-2.23.so
7fd3b9f84000-7fd3b9f85000 rw-p 00008000 b3:02 1444324 /lib/x86_64-linux-gnu/libnss_compat-2.23.so
7fd3b9f85000-7fd3b9f9b000 r-xp 00000000 b3:02 1444684 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fd3b9f9b000-7fd3ba19a000 ---p 00016000 b3:02 1444684 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fd3ba19a000-7fd3ba19b000 rw-p 00015000 b3:02 1444684 /lib/x86_64-linux-gnu/libgcc_s.so.1
7fd3ba19b000-7fd3ba30d000 r-xp 00000000 b3:02 261821 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7fd3ba30d000-7fd3ba50d000 ---p 00172000 b3:02 261821 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7fd3ba50d000-7fd3ba517000 r--p 00172000 b3:02 261821 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7fd3ba517000-7fd3ba519000 rw-p 0017c000 b3:02 261821 /usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21
7fd3ba519000-7fd3ba51d000 rw-p 00000000 00:00 0
7fd3ba51d000-7fd3bbdd3000 r-xp 00000000 b3:02 273253 /usr/lib/x86_64-linux-gnu/libicudata.so.55.1
7fd3bbdd3000-7fd3bbfd2000 ---p 018b6000 b3:02 273253 /usr/lib/x86_64-linux-gnu/libicudata.so.55.1
7fd3bbfd2000-7fd3bbfd3000 r--p 018b5000 b3:02 273253 /usr/lib/x86_64-linux-gnu/libicudata.so.55.1
7fd3bbfd3000-7fd3bbfd4000 rw-p 018b6000 b3:02 273253 /usr/lib/x86_64-linux-gnu/libicudata.so.55.1
7fd3bbfd4000-7fd3bc0dc000 r-xp 00000000 b3:02 1444367 /lib/x86_64-linux-gnu/libm-2.23.so
7fd3bc0dc000-7fd3bc2db000 ---p 00108000 b3:02 1444367 /lib/x86_64-linux-gnu/libm-2.23.so
7fd3bc2db000-7fd3bc2dc000 r--p 00107000 b3:02 1444367 /lib/x86_64-linux-gnu/libm-2.23.so
7fd3bc2dc000-7fd3bc2dd000 rw-p 00108000 b3:02 1444367 /lib/x86_64-linux-gnu/libm-2.23.so
7fd3bc2dd000-7fd3bc2fe000 r-xp 00000000 b3:02 1444713 /lib/x86_64-linux-gnu/liblzma.so.5.0.0
7fd3bc2fe000-7fd3bc4fd000 ---p 00021000 b3:02 1444713 /lib/x86_64-linux-gnu/liblzma.so.5.0.0
7fd3bc4fd000-7fd3bc4fe000 r--p 00020000 b3:02 1444713 /lib/x86_64-linux-gnu/liblzma.so.5.0.0
7fd3bc4fe000-7fd3bc4ff000 rw-p 00021000 b3:02 1444713 /lib/x86_64-linux-gnu/liblzma.so.5.0.0
7fd3bc4ff000-7fd3bc518000 r-xp 00000000 b3:02 1444837 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fd3bc518000-7fd3bc717000 ---p 00019000 b3:02 1444837 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fd3bc717000-7fd3bc718000 r--p 00018000 b3:02 1444837 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fd3bc718000-7fd3bc719000 rw-p 00019000 b3:02 1444837 /lib/x86_64-linux-gnu/libz.so.1.2.8
7fd3bc719000-7fd3bc898000 r-xp 00000000 b3:02 273267 /usr/lib/x86_64-linux-gnu/libicuuc.so.55.1
7fd3bc898000-7fd3bca98000 ---p 0017f000 b3:02 273267 /usr/lib/x86_64-linux-gnu/libicuuc.so.55.1
7fd3bca98000-7fd3bcaa8000 r--p 0017f000 b3:02 273267 /usr/lib/x86_64-linux-gnu/libicuuc.so.55.1
7fd3bcaa8000-7fd3bcaa9000 rw-p 0018f000 b3:02 273267 /usr/lib/x86_64-linux-gnu/libicuuc.so.55.1
7fd3bcaa9000-7fd3bcaad000 rw-p 00000000 00:00 0
7fd3bcaad000-7fd3bcab0000 r-xp 00000000 b3:02 1439060 /lib/x86_64-linux-gnu/libdl-2.23.so
7fd3bcab0000-7fd3bccaf000 ---p 00003000 b3:02 1439060 /lib/x86_64-linux-gnu/libdl-2.23.so
7fd3bccaf000-7fd3bccb0000 r--p 00002000 b3:02 1439060 /lib/x86_64-linux-gnu/libdl-2.23.so
7fd3bccb0000-7fd3bccb1000 rw-p 00003000 b3:02 1439060 /lib/x86_64-linux-gnu/libdl-2.23.so
7fd3bccb1000-7fd3bcccd000 r-xp 00000000 b3:02 1444636 /lib/x86_64-linux-gnu/libaudit.so.1.0.0
7fd3bcccd000-7fd3bcecc000 ---p 0001c000 b3:02 1444636 /lib/x86_64-linux-gnu/libaudit.so.1.0.0
7fd3bcecc000-7fd3bcecd000 r--p 0001b000 b3:02 1444636 /lib/x86_64-linux-gnu/libaudit.so.1.0.0
7fd3bcecd000-7fd3bcece000 rw-p 0001c000 b3:02 1444636 /lib/x86_64-linux-gnu/libaudit.so.1.0.0
7fd3bcece000-7fd3bced8000 rw-p 00000000 00:00 0
7fd3bced8000-7fd3bd098000 r-xp 00000000 b3:02 1444216 /lib/x86_64-linux-gnu/libc-2.23.so
7fd3bd098000-7fd3bd298000 ---p 001c0000 b3:02 1444216 /lib/x86_64-linux-gnu/libc-2.23.so
7fd3bd298000-7fd3bd29c000 r--p 001c0000 b3:02 1444216 /lib/x86_64-linux-gnu/libc-2.23.so
7fd3bd29c000-7fd3bd29e000 rw-p 001c4000 b3:02 1444216 /lib/x86_64-linux-gnu/libc-2.23.so
7fd3bd29e000-7fd3bd2a2000 rw-p 00000000 00:00 0
7fd3bd2a2000-7fd3bd453000 r-xp 00000000 b3:02 262085 /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.3
7fd3bd453000-7fd3bd652000 ---p 001b1000 b3:02 262085 /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.3
7fd3bd652000-7fd3bd65a000 r--p 001b0000 b3:02 262085 /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.3
7fd3bd65a000-7fd3bd65c000 rw-p 001b8000 b3:02 262085 /usr/lib/x86_64-linux-gnu/libxml2.so.2.9.3
7fd3bd65c000-7fd3bd65d000 rw-p 00000000 00:00 0
7fd3bd65d000-7fd3bd660000 r-xp 00000000 b3:02 1444764 /lib/x86_64-linux-gnu/libpam_misc.so.0.82.0
7fd3bd660000-7fd3bd85f000 ---p 00003000 b3:02 1444764 /lib/x86_64-linux-gnu/libpam_misc.so.0.82.0
7fd3bd85f000-7fd3bd860000 r--p 00002000 b3:02 1444764 /lib/x86_64-linux-gnu/libpam_misc.so.0.82.0
7fd3bd860000-7fd3bd861000 rw-p 00003000 b3:02 1444764 /lib/x86_64-linux-gnu/libpam_misc.so.0.82.0
7fd3bd861000-7fd3bd86e000 r-xp 00000000 b3:02 1444762 /lib/x86_64-linux-gnu/libpam.so.0.83.1
7fd3bd86e000-7fd3bda6d000 ---p 0000d000 b3:02 1444762 /lib/x86_64-linux-gnu/libpam.so.0.83.1
7fd3bda6d000-7fd3bda6e000 r--p 0000c000 b3:02 1444762 /lib/x86_64-linux-gnu/libpam.so.0.83.1
7fd3bda6e000-7fd3bda6f000 rw-p 0000d000 b3:02 1444762 /lib/x86_64-linux-gnu/libpam.so.0.83.1
7fd3bda6f000-7fd3bda73000 r-xp 00000000 b3:02 1444649 /lib/x86_64-linux-gnu/libcap.so.2.24
7fd3bda73000-7fd3bdc73000 ---p 00004000 b3:02 1444649 /lib/x86_64-linux-gnu/libcap.so.2.24
7fd3bdc73000-7fd3bdc74000 r--p 00004000 b3:02 1444649 /lib/x86_64-linux-gnu/libcap.so.2.24
7fd3bdc74000-7fd3bdc75000 rw-p 00005000 b3:02 1444649 /lib/x86_64-linux-gnu/libcap.so.2.24
7fd3bdc75000-7fd3bdc9b000 r-xp 00000000 b3:02 1439061 /lib/x86_64-linux-gnu/ld-2.23.so
7fd3bde75000-7fd3bde7f000 rw-p 00000000 00:00 0
7fd3bde99000-7fd3bde9a000 rw-p 00000000 00:00 0
7fd3bde9a000-7fd3bde9b000 r--p 00025000 b3:02 1439061 /lib/x86_64-linux-gnu/ld-2.23.so
7fd3bde9b000-7fd3bde9c000 rw-p 00026000 b3:02 1439061 /lib/x86_64-linux-gnu/ld-2.23.so
7fd3bde9c000-7fd3bde9d000 rw-p 00000000 00:00 0
7ffd7e85c000-7ffd7e87d000 rw-p 00000000 00:00 0 [stack]
7ffd7e904000-7ffd7e907000 r--p 00000000 00:00 0 [vvar]
7ffd7e907000-7ffd7e909000 r-xp 00000000 00:00 0 [vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall]
Aborted (core dumped)

Multiple soundness issues in owning_ref

• OwningRef::map_with_owner is unsound and may result in a use-after-free.
• OwningRef::map is unsound and may result in a use-after-free.
• OwningRefMut::as_owner and OwningRefMut::as_owner_mut are unsound and may result in a use-after-free.
• The crate violates Rust's aliasing rules, which may cause miscompilations on recent compilers that emit the LLVM noalias attribute.

No patched versions are available at this time. While a pull request with some fixes is outstanding, the maintainer appears to be unresponsive.

See advisory page for additional details.

https://github.com/SamerW/RootAsRole/blob/f1e73b1f3483b9e030a9226a94f99a563a524389/src/capabilities.c#L197

there seems to be 2 identical tests, is this supposed to be?

Out-of-bounds write in nix::unistd::getgrouplist

On certain platforms, if a user has more than 16 groups, the
nix::unistd::getgrouplist function will call the libc getgrouplist
function with a length parameter greater than the size of the buffer it
provides, resulting in an out-of-bounds write and memory corruption.

The libc getgrouplist function takes an in/out parameter ngroups
specifying the size of the group buffer. When the buffer is too small to
hold all of the requested user's group memberships, some libc
implementations, including glibc and Solaris libc, will modify ngroups
to indicate the actual number of groups for the user, in addition to
returning an error. The version of nix::unistd::getgrouplist in nix
0.16.0 and up will resize the buffer to twice its size, but will not
read or modify the ngroups variable. Thus, if the user has more than
twice as many groups as the initial buffer size of 8, the next call to
getgrouplist will then write past the end of the buffer.

The issue would require editing /etc/groups to exploit, which is usually
only editable by the root user.

See advisory page for additional details.

Is your feature request related to a problem? Please describe.
Config file could be manually problematic.

Describe the solution you'd like
A JSON5 file configuration. and being schema validated through

Describe alternatives you've considered
Yaml and JSON does not really solve usability issue, so JSON5 may be a good answer. KDL is promising but maybe less compatible than json5.

Additional context
This is following many conversations in reddit and on linuxFR.

Describe the solution you'd like
Create release binaries for Linux common distros

Describe alternatives you've considered
It needs more security audit before.