
cr_canseeothergids(): Use real instead of effective group membership
Closed, Public

Authored by olce on Jun 20 2023, 1:45 PM.

Details

Summary

Using the effective group and not the real one when testing membership has the
consequence that unprivileged processes cannot see setuid commands they launch
until these have relinquished their privileges. This is also in contradiction
with how the similar cr_canseeotheruids() works, i.e., by taking into account
real user IDs.

Fix this by substituting groupmember() with realgroupmember(). While here,
simplify the code.

PR: 272093

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 52740
Build 49631: arc lint + arc unit

Event Timeline

olce requested review of this revision. Jun 20 2023, 1:45 PM

The change requires some elaboration in the description. The text from the PR would be fine.

sys/kern/kern_prot.c
1414–1415

This is a style regression. Even though see_other_gids has an int type, it is a boolean variable and so we should check its truthiness directly.

olce edited the summary of this revision.

Fix style of the test on see_other_gids.

olce marked an inline comment as done. Jul 10 2023, 3:17 PM
mhorne added inline comments.
sys/kern/kern_prot.c
1416–1426

My only clarification... u1->cr_groups[0] contains the effective gid, right? That is why you have split this statement from the loop?

This revision is now accepted and ready to land. Jul 11 2023, 4:58 PM
olce marked an inline comment as done. Jul 11 2023, 5:28 PM
olce added inline comments.
sys/kern/kern_prot.c
1416–1426

Exactly. That's also why the next loop starts with index 1.

olce marked an inline comment as done. Jul 11 2023, 5:29 PM
olce retitled this revision from "cr_seeothergids(): Use real instead of effective group membership" to "cr_canseeothergids(): Use real instead of effective group membership".
olce edited the summary of this revision.

'cr_see*' => 'cr_cansee*' (suppressed a rename in the stack).

This revision now requires review to proceed. Jul 20 2023, 10:35 AM

Impacts of (suppressing) the rename, so re-validating.

This revision is now accepted and ready to land. Jul 20 2023, 10:37 AM
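
To make the summary and the cr_groups[0] exchange above concrete, here is a small userland model of the visibility check before and after the change. It is an added example, not code from this revision or from the FreeBSD tree: `struct cred`, `cansee_old()`, `cansee_new()`, the `privileged` flag and the sample credentials (a set-group-ID child is assumed) are all hypothetical, and the restriction is assumed to be switched on.

```c
/* Simplified userland model; NOT the FreeBSD kernel source. */
#include <errno.h>
#include <stdio.h>

struct cred {			/* hypothetical stand-in for struct ucred */
	unsigned rgid;		/* real group ID */
	int ngroups;
	unsigned groups[4];	/* [0] = effective GID, [1..] = supplementary */
	int privileged;		/* stands in for the kernel privilege check */
};

/* Effective + supplementary membership (the test being replaced). */
static int groupmember(unsigned gid, const struct cred *c) {
	for (int i = 0; i < c->ngroups; i++)
		if (c->groups[i] == gid) return 1;
	return 0;
}

/* Real + supplementary membership: skips groups[0], the effective GID. */
static int realgroupmember(unsigned gid, const struct cred *c) {
	if (c->rgid == gid) return 1;
	for (int i = 1; i < c->ngroups; i++)
		if (c->groups[i] == gid) return 1;
	return 0;
}

/* Old behaviour: any of u1's effective/supplementary groups against u2's. */
int cansee_old(const struct cred *u1, const struct cred *u2) {
	for (int i = 0; i < u1->ngroups; i++)
		if (groupmember(u1->groups[i], u2)) return 0;
	return u1->privileged ? 0 : ESRCH;
}

/* New behaviour: u1's real GID first, then its supplementary groups from 1. */
int cansee_new(const struct cred *u1, const struct cred *u2) {
	if (realgroupmember(u1->rgid, u2)) return 0;
	for (int i = 1; i < u1->ngroups; i++)
		if (realgroupmember(u1->groups[i], u2)) return 0;
	return u1->privileged ? 0 : ESRCH;
}

/* Constructed credentials: a user's shell and the set-group-ID child it ran. */
const struct cred shell = { 1001, 1, { 1001 }, 0 };
const struct cred child = { 1001, 1, { 5 }, 0 };

int main(void) {
	printf("old: %d  new: %d\n", cansee_old(&shell, &child), cansee_new(&shell, &child));
	return 0;
}
```

In this model the shell is refused (ESRCH) by the old check because the child's effective GID is the only entry in its group array, while the new check matches on the shared real GID.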