The branch main has been updated by kevans:
URL:
https://cgit.FreeBSD.org/src/commit/?id=0d843cc2e2a373f01f90453712c62b6bdcb12298
commit 0d843cc2e2a373f01f90453712c62b6bdcb12298
Author: Kyle Evans <kev...@freebsd.org>
AuthorDate: 2025-08-26 22:49:25 +0000
Commit: Kyle Evans <kev...@freebsd.org>
CommitDate: 2025-08-26 22:49:25 +0000
hastd: update assertion for new setgroups/getgroups behavior
We had fixed some of the assertions here, but I had overlooked one more
that doesn't make any sense. We could coalesce these two at the end,
but I guess it's good to be sure that getgroups(2) doesn't have some
bug where we'll feed userspace a GID if it makes room for it.
Reported by: S. Ross Gohlke <ross bisd ro>
Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) [...]")
---
sbin/hastd/subr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c
index 284fb0d07647..add1280e960b 100644
--- a/sbin/hastd/subr.c
+++ b/sbin/hastd/subr.c
@@ -284,7 +284,7 @@ drop_privs(const struct hast_resource *res)
PJDLOG_VERIFY(rgid == pw->pw_gid);
PJDLOG_VERIFY(egid == pw->pw_gid);
PJDLOG_VERIFY(sgid == pw->pw_gid);
- PJDLOG_VERIFY(getgroups(0, NULL) == 1);
+ PJDLOG_VERIFY(getgroups(0, NULL) == 0);
PJDLOG_VERIFY(getgroups(1, gidset) == 0);
pjdlog_debug(1,
