comsat: Use initgroups and setgid not just setuid
ClosedPublic
Actions

Authored by emaste on Thu, Nov 28, 4:56 PM.

Details

Reviewers

kevans
jlduran

Commits

rGbb9678f1ff68: comsat: Use initgroups and setgid not just setuid
rGd4dd9e22c138: comsat: Use initgroups and setgid not just setuid

Summary

Obtained from:  NetBSD

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

emaste requested review of this revision.Thu, Nov 28, 4:56 PM

emaste created this revision.

emaste added a reviewer: jlduran.Fri, Nov 29, 4:46 PM

jlduran accepted this revision.Fri, Nov 29, 10:21 PM

jlduran added inline comments.

libexec/comsat/comsat.c
215	I would suggest also updating this comment

This revision is now accepted and ready to land.Fri, Nov 29, 10:21 PM

One thing I've noticed is that NetBSD moved the setting of groups/uid/gid earlier to inside notify() (https://github.com/NetBSD/src/commit/46b017828cee516770586497237aed6182b1decf). I think failing earlier is also a good move.

Closed by commit rGd4dd9e22c138: comsat: Use initgroups and setgid not just setuid (authored by emaste). · Explain WhySun, Dec 1, 8:31 PM

This revision was automatically updated to reflect the committed changes.

emaste added a commit: rGd4dd9e22c138: comsat: Use initgroups and setgid not just setuid.

Herald added a subscriber: imp. · View Herald TranscriptSun, Dec 1, 8:31 PM

In D47828#1090817, @jlduran wrote:

One thing I've noticed is that NetBSD moved the setting of groups/uid/gid earlier to inside notify() (https://github.com/NetBSD/src/commit/46b017828cee516770586497237aed6182b1decf). I think failing earlier is also a good move.

Not a bad idea, can follow up with that (and check for any other improvements from NetBSD or OpenBSD)

emaste added a commit: rGbb9678f1ff68: comsat: Use initgroups and setgid not just setuid.Wed, Dec 4, 6:39 PM