comsat: Use initgroups and setgid not just setuid
ClosedPublic
Actions

Authored by emaste on Nov 28 2024, 4:56 PM.

Details

Reviewers

kevans
jlduran

Commits

rGbb9678f1ff68: comsat: Use initgroups and setgid not just setuid
rGd4dd9e22c138: comsat: Use initgroups and setgid not just setuid

Summary

Obtained from:  NetBSD

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

emaste requested review of this revision.Nov 28 2024, 4:56 PM

emaste created this revision.

emaste added a reviewer: jlduran.Nov 29 2024, 4:46 PM

jlduran accepted this revision.Nov 29 2024, 10:21 PM

jlduran added inline comments.

libexec/comsat/comsat.c
214–215	I would suggest also updating this comment

This revision is now accepted and ready to land.Nov 29 2024, 10:21 PM

One thing I've noticed is that NetBSD moved the setting of groups/uid/gid earlier to inside notify() (https://github.com/NetBSD/src/commit/46b017828cee516770586497237aed6182b1decf). I think failing earlier is also a good move.

Closed by commit rGd4dd9e22c138: comsat: Use initgroups and setgid not just setuid (authored by emaste). · Explain WhyDec 1 2024, 8:31 PM

This revision was automatically updated to reflect the committed changes.

emaste added a commit: rGd4dd9e22c138: comsat: Use initgroups and setgid not just setuid.

Herald added a subscriber: imp. · View Herald TranscriptDec 1 2024, 8:31 PM

In D47828#1090817, @jlduran wrote:

One thing I've noticed is that NetBSD moved the setting of groups/uid/gid earlier to inside notify() (https://github.com/NetBSD/src/commit/46b017828cee516770586497237aed6182b1decf). I think failing earlier is also a good move.

Not a bad idea, can follow up with that (and check for any other improvements from NetBSD or OpenBSD)

emaste added a commit: rGbb9678f1ff68: comsat: Use initgroups and setgid not just setuid.Dec 4 2024, 6:39 PM

des mentioned this in rG1501ecebf5af: comsat: Improve use of setuid().Aug 5 2025, 11:52 AM