From nobody Sat Jul 26 06:12:13 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4bpvXY6K5hz6379k; Sat, 26 Jul 2025 06:12:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4bpvXY4F0Mz3pRQ; Sat, 26 Jul 2025 06:12:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1753510333; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hMnDf3M46PwQ3UM5hEpBYpXcSGUvX95g0yiAyhtQeyU=; b=qZ5VCQT3Ii36ygggYUwjw1c1avb3pJGLQGhP5985xlVFLb+jUeUPVAyaKUG9LkWqOr7FD2 O0yHxLyAqHrb0qkOu/ekabyKqFt13XytKNIb37Mcl87nT9t95YQAKN8L3ffsedUINSq/Ha jukln7QTZJ85GU+HCxAo0ZLVbliz3pbYphdGtbNc2w1ZtXtKlEueyo863tinHyR41knkdZ cPmlzLY0hlzp9iNWVPC7LuTzCU9PWKNt8MzMw2qpGU/lJ5mUK13EDR4kXTQ8ly6RwIIfxH 57tjCmmAOVC0TKAZzVxIb0lLcJpDNOI6dlXhGkqr3rwYyv+bJiV27m+Jk2Le1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1753510333; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=hMnDf3M46PwQ3UM5hEpBYpXcSGUvX95g0yiAyhtQeyU=; b=LzHgs/chm7FJzPR05DfLH3P2zPhG5FIawBmQjnl2QZPmV43Ns0LA/q40dq9MqLvGybFBNY mbfl8C8QDnEicLW98UeZZim5KfDz1aYDTopSLVI3Xt91soVjlVHM8Rz1fhDArpfpP2yGEy C2peOVB+68xSlgHUOfbmjT6xdSADUw5luGmTO0Tmjofw6ze6SbwobeGfZXeWCBSef95tr1 9+gw8ug0T63tTf3Ntu7lZP58Um6BA/R1QLiUllLraGumIzyK4/tyeQAnBVkHlkFlwJDg69 h5slgH/sDTl1FgsJ3eagYkKGHJH9QGWxuAzCUqSWl5U5mFnADg9rd9WLccV2Qw== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1753510333; a=rsa-sha256; cv=none; b=yNShn1rbTZ8srQtsYHFJzN++OAC2XraEnflblQZF3ZcgwL7WbNwtB9hWpaZBKPvTpxKKpw zXDx2XMJOGu65P+qiyq6J9helPbLebg8N54TMXTTQIl7btK4GETcgJErEzdcut/qvUs8t8 HTOqduw86iwImoDkkjGBfK2s87HatEcxyfT6/utmNaBRi0uG99IIQGw3YIWk2o/+ku09rs BXmrnHJ//xQK7wt00IH1pOncG1ssE+fdx0j6KM2vRUAxBV5OVfAZipcSYUCZF6ifulC06K LR+QlYQnodSrSlFVpQye3azwvytiFHvbn4aMGkza2oACIzbu7oynADrMnHYOsg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4bpvXY3rBdz2Tn; Sat, 26 Jul 2025 06:12:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 56Q6CD8e036843; Sat, 26 Jul 2025 06:12:13 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 56Q6CDxm036840; Sat, 26 Jul 2025 06:12:13 GMT (envelope-from git) Date: Sat, 26 Jul 2025 06:12:13 GMT Message-Id: <202507260612.56Q6CDxm036840@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: 48fd05999b0f - main - chroot: don't clobber the egid with the first supplemental group List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 48fd05999b0f8e822fbf7069779378d103a35f5c Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=48fd05999b0f8e822fbf7069779378d103a35f5c commit 48fd05999b0f8e822fbf7069779378d103a35f5c Author: Kyle Evans AuthorDate: 2025-07-26 06:11:58 +0000 Commit: Kyle Evans CommitDate: 2025-07-26 06:11:58 +0000 chroot: don't clobber the egid with the first supplemental group There are two problems here, really: 1.) If -G is specified, the egid of the runner will get clobbered by the first supplemental group 2.) If both -G and -g are specified, the first supplemental group will get clobbered by the -g group Ideally our users shouldn't have to understand the quirks of our setgroups(2) and the manpage doesn't describe the group list as needing to contain the egid, so populate the egid slot as necessary. I note that this code seems to have already been marginally aware of the historical behavior because it was allocating NGROUPS_MAX + 1, but this is an artifact of a later conversion to doing dynamic allocations instead of pushing NGROUPS_MAX arrays on the stack -- the original code did in-fact only have an NGROUPS_MAX-sized array, and the layout was still incorrect. MFC after: 3 days Reviewed by: olce Differential Revision: https://reviews.freebsd.org/D51508 --- usr.sbin/chroot/chroot.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/usr.sbin/chroot/chroot.c b/usr.sbin/chroot/chroot.c index 32becaf12588..bd4932ee9b48 100644 --- a/usr.sbin/chroot/chroot.c +++ b/usr.sbin/chroot/chroot.c @@ -111,7 +111,12 @@ main(int argc, char *argv[]) ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1; if ((gidlist = malloc(sizeof(gid_t) * ngroups_max)) == NULL) err(1, "malloc"); - for (gids = 0; + /* Populate the egid slot in our groups to avoid accidents. */ + if (gid == 0) + gidlist[0] = getegid(); + else + gidlist[0] = gid; + for (gids = 1; (p = strsep(&grouplist, ",")) != NULL && gids < ngroups_max; ) { if (*p == '\0') continue;