Date: Tue, 6 Feb 2018 19:09:49 +0000 (UTC) From: Kirk McKusick <mckusick@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-10@freebsd.org Subject: svn commit: r328943 - in stable/10/lib/libc: gen sys Message-ID: <201802061909.w16J9nOi042752@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: mckusick Date: Tue Feb 6 19:09:49 2018 New Revision: 328943 URL: https://svnweb.freebsd.org/changeset/base/328943 Log: MFC of 328304 and 328382. Do not dedup egid (group entry 0) Modified: stable/10/lib/libc/gen/getgrent.c stable/10/lib/libc/sys/setgroups.2 Directory Properties: stable/10/ (props changed) Modified: stable/10/lib/libc/gen/getgrent.c ============================================================================== --- stable/10/lib/libc/gen/getgrent.c Tue Feb 6 19:09:03 2018 (r328942) +++ stable/10/lib/libc/gen/getgrent.c Tue Feb 6 19:09:49 2018 (r328943) @@ -433,7 +433,7 @@ gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *g { int ret, dupc; - for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) { + for (dupc = 1; dupc < MIN(maxgrp, *grpcnt); dupc++) { if (groups[dupc] == gid) return 1; } Modified: stable/10/lib/libc/sys/setgroups.2 ============================================================================== --- stable/10/lib/libc/sys/setgroups.2 Tue Feb 6 19:09:03 2018 (r328942) +++ stable/10/lib/libc/sys/setgroups.2 Tue Feb 6 19:09:49 2018 (r328943) @@ -28,7 +28,7 @@ .\" @(#)setgroups.2 8.2 (Berkeley) 4/16/94 .\" $FreeBSD$ .\" -.Dd April 16, 1994 +.Dd January 19, 2018 .Dt SETGROUPS 2 .Os .Sh NAME @@ -56,6 +56,23 @@ more than .Dv {NGROUPS_MAX}+1 . .Pp Only the super-user may set a new group list. +.Pp +The first entry of the group array +.Pq Va gidset[0] +is used as the effective group-ID for the process. +This entry is over-written when a setgid program is run. +To avoid losing access to the privileges of the +.Va gidset[0] +entry, it should be duplicated later in the group array. +By convention, +this happens because the group value indicated +in the password file also appears in +.Pa /etc/group . +The group value in the password file is placed in +.Va gidset[0] +and that value then gets added a second time when the +.Pa /etc/group +file is scanned to create the group set. .Sh RETURN VALUES .Rv -std setgroups .Sh ERRORS
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201802061909.w16J9nOi042752>