Page MenuHomeFreeBSD
Differential D51647

kern: rename crsetgroups_fallback, document it in ucred(9)
ClosedPublic
Actions

Authored by kevans on Thu, Jul 31, 5:00 AM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Aug 15, 5:06 AM
Unknown Object (File)
Fri, Aug 15, 1:23 AM
Unknown Object (File)
Thu, Aug 14, 12:43 PM
Unknown Object (File)
Wed, Aug 13, 5:58 PM
Unknown Object (File)
Mon, Aug 11, 7:26 AM
Unknown Object (File)
Wed, Aug 6, 4:00 PM
Unknown Object (File)
Tue, Aug 5, 9:21 PM
Unknown Object (File)
Tue, Aug 5, 3:52 PM
View All 15 Files
Subscribers
imp
ziaee

Details

Reviewers
olce
Group Reviewers
manpages
Commits
rGf61c48f4403f: kern: rename crsetgroups_fallback, document it in ucred(9)
Summary

Most kernel ucred modification should likely be using this API, rather
than crsetgroups() directly, to avoid potential security issues. As of
FreeBSD 15.0, crsetgroups() *only* sets supplementary groups, while
crsetgroups_and_egid() will do both using an array of the same style
that previous versions used for crsetgroups() -- i.e., the first element
is the egid, and the remainder are supplementary groups.

Unlike the previous iteration of crsetgroups(), crsetgroups_and_egid()
is less prone to misuse as the caller must provide a default egid to use
in case the array is empty. This is particularly useful for groups
being set from data provided by userland.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 65857
Build 62740: arc lint + arc unit

Event Timeline

kevans created this revision.Thu, Jul 31, 5:00 AM
Herald added subscribers: ziaee, imp. · View Herald TranscriptThu, Jul 31, 5:00 AM
kevans requested review of this revision.Thu, Jul 31, 5:00 AM
Harbormaster completed remote builds in B65857: Diff 159483.Thu, Jul 31, 5:00 AM
kevans added a parent revision: D51646: kern: add a new ucred flag for groups having been set.Thu, Jul 31, 5:00 AM
kevans added a reviewer: manpages.Thu, Jul 31, 5:04 AM
olce accepted this revision.EditedThu, Jul 31, 2:16 PM

The first sentence of the commit message ("Most kernel ucred modification should likely be using this API, rather than crsetgroups() directly, to avoid potential security issues.") is probably too strong. Putting it first obfuscates somewhat the bulk of the message, i.e., the fact that crsetgroups_and_egid() is in fact tailored to an already existing array with the effective gid in slot 0, whereas crsetgroups() only takes an array of supplementary groups. crsetgroups_and_egid() should be the preferred API only for an already existing array supposed to have the egid in the first slot.

Suggested by: olce
This revision is now accepted and ready to land.Thu, Jul 31, 2:16 PM
Closed by commit rGf61c48f4403f: kern: rename crsetgroups_fallback, document it in ucred(9) (authored by kevans). · Explain WhyFri, Aug 1, 12:51 AM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rGf61c48f4403f: kern: rename crsetgroups_fallback, document it in ucred(9).

Revision Contents
Changeset List

PathSize
share/
man/
man9/
19 lines
sys/
fs/
nfs/
2 lines
2 lines
nfsserver/
2 lines
2 lines
kern/
10 lines
4 lines
rpc/
rpcsec_gss/
2 lines
4 lines
sys/
4 lines

Diff 159483

View Options

share/man/man9/ucred.9

Loading...
View Options

sys/fs/nfs/nfs_commonport.c

Loading...
View Options

sys/fs/nfs/nfs_commonsubs.c

Loading...
View Options

sys/fs/nfsserver/nfs_nfsdport.c

Loading...
View Options

sys/fs/nfsserver/nfs_nfsdsocket.c

Loading...
View Options

sys/kern/kern_prot.c

Loading...
View Options

sys/kern/vfs_export.c

Loading...
View Options

sys/rpc/rpcsec_gss/svc_rpcsec_gss.c

Loading...
View Options

sys/rpc/svc_auth.c

Loading...
View Options

sys/sys/ucred.h

Loading...