git: 052d8f6acf46 - stable/15 - unix: SCM_CREDS: Restore passing the effective GID
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 23 Sep 2025 12:03:26 UTC
The branch stable/15 has been updated by olce:
URL: https://cgit.FreeBSD.org/src/commit/?id=052d8f6acf46843bd672f44ff2a09497408eed57
commit 052d8f6acf46843bd672f44ff2a09497408eed57
Author: Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-08-26 17:01:03 +0000
Commit: Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-09-23 12:02:40 +0000
unix: SCM_CREDS: Restore passing the effective GID
cmcred_groups[0] in 'struct cmsgcred' must be the effective GID.
Note that the code in unp_addsockcred() filling up 'struct
sockcred'/'struct sockcred2' (LOCAL_CREDS/LOCAL_CREDS_PERSISTENT
options) was in fact "wrong" before 'cr_gid' was moved out of
cr_groups[], in the sense that it would transmit the effective GID
twice, both separately as 'sc_egid' and as the first element of
'sc_groups'. It is now exact, so is left unchanged, which causes
a difference in output (the effective GID is no more in 'sc_groups',
unless it is also a supplementary group) that is unlikely to affect
applications in practice.
Reviewed by: glebius
Fixes: be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after: 5 days
MFC to: stable/15
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52262
(cherry picked from commit c5e920e49c0cf068da3962688cc60ab514ea1252)
---
sys/kern/uipc_usrreq.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index 6138e543fae7..340d84666459 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -3667,11 +3667,14 @@ unp_internalize(struct mbuf *control, struct mchain *mc, struct thread *td)
cmcred->cmcred_uid = td->td_ucred->cr_ruid;
cmcred->cmcred_gid = td->td_ucred->cr_rgid;
cmcred->cmcred_euid = td->td_ucred->cr_uid;
- cmcred->cmcred_ngroups = MIN(td->td_ucred->cr_ngroups,
+ _Static_assert(CMGROUP_MAX >= 1,
+ "Room needed for the effective GID.");
+ cmcred->cmcred_ngroups = MIN(td->td_ucred->cr_ngroups + 1,
CMGROUP_MAX);
- for (i = 0; i < cmcred->cmcred_ngroups; i++)
+ cmcred->cmcred_groups[0] = td->td_ucred->cr_gid;
+ for (i = 1; i < cmcred->cmcred_ngroups; i++)
cmcred->cmcred_groups[i] =
- td->td_ucred->cr_groups[i];
+ td->td_ucred->cr_groups[i - 1];
break;
case SCM_RIGHTS: