Page MenuHomeFreeBSD
Differential D51508

chroot: don't clobber the egid with the first supplemental group
ClosedPublic
Actions

Authored by kevans on Jul 25 2025, 5:43 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 25, 8:55 PM
Unknown Object (File)
Sun, Nov 16, 12:34 AM
Unknown Object (File)
Nov 2 2025, 9:43 AM
Unknown Object (File)
Oct 29 2025, 9:55 AM
Unknown Object (File)
Oct 27 2025, 4:54 AM
Unknown Object (File)
Oct 26 2025, 12:08 AM
Unknown Object (File)
Oct 21 2025, 8:11 AM
Unknown Object (File)
Oct 16 2025, 5:56 PM
View All 38 Files
Subscribers
imp

Details

Reviewers
emaste
des
olce
Commits
rG48fd05999b0f: chroot: don't clobber the egid with the first supplemental group
Summary

There are two problems here, really:

1.) If -G is specified, the egid of the runner will get clobbered by

the first supplemental group

2.) If both -G and -g are specified, the first supplemental group will

get clobbered by the -g group

Ideally our users shouldn't have to understand the quirks of our
setgroups(2) and the manpage doesn't describe the group list as needing
to contain the egid, so populate the egid slot as necessary.

I note that this code seems to have already been marginally aware of the
historical behavior because it was allocating NGROUPS_MAX + 1, but this
is an artifact of a later conversion to doing dynamic allocations
instead of pushing NGROUPS_MAX arrays on the stack -- the original code
did in-fact only have an NGROUPS_MAX-sized array, and the layout was
still incorrect.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
usr.sbin/
chroot/
7 lines

Diff 159172

View Options

usr.sbin/chroot/chroot.c

Loading...