From nobody Thu Jul 24 14:59:21 2025
X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bnvKj6MLzz62qv1;
	Thu, 24 Jul 2025 14:59:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4bnvKj4Dh5z3V4S;
	Thu, 24 Jul 2025 14:59:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1753369161;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KEhMhzomXVmjrOC46yWkytzEZK6A+DiOhSUzCEIAJek=;
	b=ZkTxtJym/wg1EKbEaUr0MzDI+Ck0v5tlWrNwb25xGDrYifkJqL+wE7ex2hfiDkxlHc4bYf
	uxM0s0S+XTDt5AGXejfq5x+GEgWAaHelc4DwgpaXwfuo6l6/ilbvWI7kdtDfEt/U7RLkvM
	tBNCjj2WNPYzJ+ZpIOBzldFLpX3ohEIdDaVcTeEfg1oxTZA18wCfQsWZBRxNRsH9uy8JLk
	Kb1faar89LOArxj2+zYBSdwUiAa5arxtHZWGs1eBT1Yj7MGuUQ+q7g1gmF5TtlVm/6CcLS
	2yTJQ5E7WshAphABBMkLJpUxpiQzdD+1hSlaE1BPawiFOCWV9hzZN+L/OYgecQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1753369161;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=KEhMhzomXVmjrOC46yWkytzEZK6A+DiOhSUzCEIAJek=;
	b=jsbd2paIYv/0aIjO6xuhMmX0B8GkA2MIxz/V4CvHeGheX0Vvq+zDHN43ZSgAMvYLHUzwxY
	WdJ6E8rH31Hac267hbxIYfw2XrzKSTv12BsySE8N3MD+1L6CbjAaKD5aDtumq4nToahxOj
	Uj+GWYVLxQ8giXG9W7AuqjD+GcUZ5XZXSGivx61jnThqd2vdRuCPjsSAcJK0Fi8714VO/D
	8R/jyiNstvxP7GZ9QSuvlys7I3vLxU7i8By1KNpx3qcqGFUxo012aQehfMXGo9gQhASgIU
	17qLAHMmKLcPr23y9C7XctlFrJTNv5mz7QedqYrncO4I5dDoCLh8WoabE2ucUA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1753369161; a=rsa-sha256; cv=none;
	b=bAd02DIzpLl70yYBkvONAwUm9rqTKJ4bbdFxjCNSksm9ZfT2wD1rZSoNiys81VJdhK5Ziw
	1Gqm/P/78eAmRl9kbALxfzYeRsTr8qPdOAGqfC7A62SA9uOvxyQFgktO9SdONcxVmYbB7n
	LbPGymvnC+3sLcxqmjP7UyZSKACV18zO2guiqkBJY/4rfDMbPcK8A+mCi5CXBpugSdTx/z
	prJHTpkpXxx8G4dwvb9KuW+VpF4X0rFc1yD/YpDW3K+zrV9vI1j7Sn/KMGyVQyBVL1EPck
	+VOK1O1laOEvDvpByxjw9WzVpSLnyNfeagiryGD56T6ED+TlB37xewelHwBHRA==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bnvKj2fLBz13T4;
	Thu, 24 Jul 2025 14:59:21 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 56OExLTM011216;
	Thu, 24 Jul 2025 14:59:21 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 56OExL1x011213;
	Thu, 24 Jul 2025 14:59:21 GMT
	(envelope-from git)
Date: Thu, 24 Jul 2025 14:59:21 GMT
Message-Id: <202507241459.56OExL1x011213@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kyle Evans <kevans@FreeBSD.org>
Subject: git: 5138a20765c7 - main - tftpd: explicitly set egid after
  dropping supplemental groups
List-Id: Commit messages for the main branch of the src repository <dev-commits-src-main.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
List-Help: <mailto:dev-commits-src-main+help@freebsd.org>
List-Post: <mailto:dev-commits-src-main@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-main+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-main+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-main@freebsd.org
Sender: owner-dev-commits-src-main@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 5138a20765c76cdc8f245d3d7caeffe9a9011bb2
Auto-Submitted: auto-generated

The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=5138a20765c76cdc8f245d3d7caeffe9a9011bb2

commit 5138a20765c76cdc8f245d3d7caeffe9a9011bb2
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-07-24 14:59:07 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-07-24 14:59:07 +0000

    tftpd: explicitly set egid after dropping supplemental groups
    
    tftpd seems to be the last program in base that implicitly relies on
    setgroups() to set the egid.  This is a security landmine in portable
    software as most operating systems don't behave this way, so do an
    explicit setgid() in case the kernel doesn't set it already.
    
    While we're here, FreeBSD's setgroups() has supported nominally clearing
    all supplemental groups since 1997.  It still leaves the egid in our
    cr_groups[0] because we don't have an out-of-band way to store the egid,
    and on other systems it'll clear the supplemental group entirely as one
    would want.
    
    Reviewed by:    allanjude (previous version), des, olce
    Differential Revision:  https://reviews.freebsd.org/D51149
---
 libexec/tftpd/tftpd.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index f8f9bd549a2e..a3faee86e7d0 100644
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -351,10 +351,14 @@ main(int argc, char *argv[])
 			tftp_log(LOG_ERR, "chdir: %s", strerror(errno));
 			exit(1);
 		}
-		if (setgroups(1, &nobody->pw_gid) != 0) {
+		if (setgroups(0, NULL) != 0) {
 			tftp_log(LOG_ERR, "setgroups failed");
 			exit(1);
 		}
+		if (setgid(nobody->pw_gid) != 0) {
+			tftp_log(LOG_ERR, "setgid failed");
+			exit(1);
+		}
 		if (setuid(nobody->pw_uid) != 0) {
 			tftp_log(LOG_ERR, "setuid failed");
 			exit(1);