Author: mckusick
Date: Tue Feb  6 19:09:03 2018
New Revision: 328942
URL: https://svnweb.freebsd.org/changeset/base/328942

Log:
  MFC of 328304 and 328382.
  
  Do not dedup egid (group entry 0)

Modified:
  stable/11/lib/libc/gen/getgrent.c
  stable/11/lib/libc/sys/setgroups.2
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/lib/libc/gen/getgrent.c
==============================================================================
--- stable/11/lib/libc/gen/getgrent.c   Tue Feb  6 18:01:41 2018        
(r328941)
+++ stable/11/lib/libc/gen/getgrent.c   Tue Feb  6 19:09:03 2018        
(r328942)
@@ -434,7 +434,7 @@ gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *g
 {
        int     ret, dupc;
 
-       for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) {
+       for (dupc = 1; dupc < MIN(maxgrp, *grpcnt); dupc++) {
                if (groups[dupc] == gid)
                        return 1;
        }
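Review bot: The new lower bound `dupc = 1` in gr_addgid's duplicate scan carries no comment, so the reason index 0 is skipped is visible only in the commit log and the setgroups(2) text, and a later cleanup could restore `dupc = 0` and silently drop the second copy of the primary gid. I would add above the loop: `/* groups[0] is the egid and is overwritten when a setgid program runs; do not treat it as a duplicate, so the same gid can appear again later in the list. */`. The extra entry presumably counts against maxgrp, so a caller that sizes the array exactly may hit the limit one group earlier than before. The rest of gr_addgid lies outside this hunk, so that should be confirmed there.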

Modified: stable/11/lib/libc/sys/setgroups.2
==============================================================================
--- stable/11/lib/libc/sys/setgroups.2  Tue Feb  6 18:01:41 2018        
(r328941)
+++ stable/11/lib/libc/sys/setgroups.2  Tue Feb  6 19:09:03 2018        
(r328942)
@@ -28,7 +28,7 @@
 .\"     @(#)setgroups.2        8.2 (Berkeley) 4/16/94
 .\" $FreeBSD$
 .\"
-.Dd April 16, 1994
+.Dd January 19, 2018
 .Dt SETGROUPS 2
 .Os
 .Sh NAME
@@ -56,6 +56,23 @@ more than
 .Dv {NGROUPS_MAX}+1 .
 .Pp
 Only the super-user may set a new group list.
+.Pp
+The first entry of the group array
+.Pq Va gidset[0]
+is used as the effective group-ID for the process.
+This entry is over-written when a setgid program is run.
+To avoid losing access to the privileges of the
+.Va gidset[0]
+entry, it should be duplicated later in the group array.
+By convention,
+this happens because the group value indicated
+in the password file also appears in
+.Pa /etc/group .
+The group value in the password file is placed in
+.Va gidset[0]
+and that value then gets added a second time when the
+.Pa /etc/group
+file is scanned to create the group set.
 .Sh RETURN VALUES
 .Rv -std setgroups
 .Sh ERRORS