setgroups.2: Add SECURITY CONSIDERATIONS, fix the groups limit, rework
ClosedPublic
Actions

Authored by olce on Aug 29 2025, 11:04 PM.

Details

Reviewers

Commits

rG7d5b7157e919: setgroups.2: Add SECURITY CONSIDERATIONS, rework
rG7132fb5edbc9: setgroups.2: Add SECURITY CONSIDERATIONS, fix the groups limit, rework
rG6d22cd6b5f8b: setgroups.2: Add SECURITY CONSIDERATIONS, fix the groups limit, rework

Summary

Add a new SECURITY CONSIDERATIONS section describing in details what the
new behavior is after commit 9da2fe96ff2e ("kern: fix setgroups(2) and
getgroups(2) to match other platforms"), what setgroups(2) does not
do anymore, and how programs using it are affected.

Fix the groups limit after commit 9da2fe96ff2e ("kern: fix setgroups(2)
and getgroups(2) to match other platforms").

Prefer a terminology referring to POSIX terms, i.e., use "effective
group list" instead of "group access list".

While here, fix some style.

Fixes: 9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to match other platforms")
Sponsored by: The FreeBSD Foundation

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

olce created this revision.Aug 29 2025, 11:04 PM

Herald added subscribers: ziaee, imp. · View Herald TranscriptAug 29 2025, 11:04 PM

olce requested review of this revision.Aug 29 2025, 11:04 PM

Harbormaster completed remote builds in B66687: Diff 161250.Aug 29 2025, 11:04 PM

Impacts of the paradigm change in D52282 in SECURITY CONSIDERATIONS. Relax the wording about applications passing the additional group/effective GID as the first element in setgroups(2). Mention that this is what initgroups(3) does.
Add notes about clearing all supplementary groups in HISTORY and SECURITY CONSIDERATIONS.
Use "calling process" instead of "current process".
Be explicit on gidset not being used at all when ngroups is 0 (replacing the old ambiguous formulation).
"GID" => "group ID", consistently with other manual pages.