Page MenuHomeFreeBSD
Differential D52286

getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS
ClosedPublic
Actions

Authored by olce on Aug 29 2025, 11:05 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Oct 11, 1:53 PM
Unknown Object (File)
Sat, Oct 11, 1:53 PM
Unknown Object (File)
Sat, Oct 11, 1:53 PM
Unknown Object (File)
Sat, Oct 11, 1:53 PM
Unknown Object (File)
Sat, Oct 11, 9:01 AM
Unknown Object (File)
Sat, Oct 11, 5:55 AM
Unknown Object (File)
Sat, Oct 11, 5:35 AM
Unknown Object (File)
Fri, Oct 3, 4:58 PM
View All 28 Files
Subscribers
emaste
gbe
imp
ziaee

Details

Reviewers
kevans
gbe
Commits
rG67cf21e16faf: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS
rG2932e6f59bff: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS
rG4be38acc826f: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS
Summary

Clarify and be more precise about the behavior of getgroups(2), in
particular with respect to 'gidsetlen'.

Prefer a terminology referring to POSIX terms, i.e., use "supplementary
groups" instead of "group access list".

Say that getgroups(2) reports the supplementary groups in strictly
ascending order and returns the cardinal of the set they form (and
mention this has been the case since FreeBSD 14.3).

Add a new SECURITY CONSIDERATIONS section contrasting the new behavior
after commit 9da2fe96ff2e ("kern: fix setgroups(2) and getgroups(2) to
match other platforms") with the historical one.

While here, fix some style.

Sponsored by: The FreeBSD Foundation

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

olce created this revision.Aug 29 2025, 11:05 PM
Herald added subscribers: ziaee, imp. · View Herald TranscriptAug 29 2025, 11:05 PM
olce requested review of this revision.Aug 29 2025, 11:05 PM
Harbormaster completed remote builds in B66689: Diff 161252.Aug 29 2025, 11:05 PM
gbe accepted this revision.Aug 30 2025, 4:53 AM
gbe added a subscriber: gbe.

LGTM from manpages

This revision is now accepted and ready to land.Aug 30 2025, 4:53 AM
olce updated this revision to Diff 162139.Tue, Sep 16, 10:16 AM
olce edited the summary of this revision. (Show Details)
  • Emphasize that the supplementary groups form a set, and that the number of elements we return is its cardinal.
  • SECURITY CONSIDERATIONS: Emphasize that the effective GID is not necessarily part of the set, and that initgroups(3) and setgroups(2) differ in this respect.
  • "current process" => "calling process"
This revision now requires review to proceed.Tue, Sep 16, 10:16 AM
Harbormaster completed remote builds in B67076: Diff 162139.Tue, Sep 16, 10:16 AM
This revision was not accepted when it landed; it landed in state Needs Review.Wed, Sep 17, 12:21 PM
Closed by commit rG4be38acc826f: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS (authored by olce). · Explain Why
This revision was automatically updated to reflect the committed changes.
olce added a commit: rG4be38acc826f: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS.
olce added a commit: rG2932e6f59bff: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS.Tue, Sep 23, 12:04 PM
olce added a commit: rG67cf21e16faf: getgroups.2: Clarify, mention ascending order, add SECURITY CONSIDERATIONS.Fri, Oct 10, 5:17 PM

Revision Contents
Changeset List

PathSize
lib/
libsys/
94 lines

Diff 162254

View Options

lib/libsys/getgroups.2

Loading...