svn commit: r328943 - in stable/10/lib/libc: gen sys

Kirk McKusick mckusick at FreeBSD.org
Tue Feb 6 19:09:50 UTC 2018


Author: mckusick
Date: Tue Feb  6 19:09:49 2018
New Revision: 328943
URL: https://svnweb.freebsd.org/changeset/base/328943

Log:
  MFC of 328304 and 328382.
  
  Do not dedup egid (group entry 0)

Modified:
  stable/10/lib/libc/gen/getgrent.c
  stable/10/lib/libc/sys/setgroups.2
Directory Properties:
  stable/10/   (props changed)

Modified: stable/10/lib/libc/gen/getgrent.c
==============================================================================
--- stable/10/lib/libc/gen/getgrent.c	Tue Feb  6 19:09:03 2018	(r328942)
+++ stable/10/lib/libc/gen/getgrent.c	Tue Feb  6 19:09:49 2018	(r328943)
@@ -433,7 +433,7 @@ gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *g
 {
 	int     ret, dupc;
 
-	for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) {
+	for (dupc = 1; dupc < MIN(maxgrp, *grpcnt); dupc++) {
 		if (groups[dupc] == gid)
 			return 1;
 	}
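
Review bot: The new start index in `for (dupc = 1; ...)` has no comment saying why groups[0] is skipped, so a later reader could easily take it for an off-by-one and change it back to 0. Suggest a short comment above the loop stating that groups[0] holds the effective gid and is deliberately allowed to appear a second time later in the list. It is also worth confirming that callers size `groups` and `maxgrp` with the extra entry in mind, because a gid equal to groups[0] is no longer reported as a duplicate by this loop and so takes a slot of its own.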

Modified: stable/10/lib/libc/sys/setgroups.2
==============================================================================
--- stable/10/lib/libc/sys/setgroups.2	Tue Feb  6 19:09:03 2018	(r328942)
+++ stable/10/lib/libc/sys/setgroups.2	Tue Feb  6 19:09:49 2018	(r328943)
@@ -28,7 +28,7 @@
 .\"     @(#)setgroups.2	8.2 (Berkeley) 4/16/94
 .\" $FreeBSD$
 .\"
-.Dd April 16, 1994
+.Dd January 19, 2018
 .Dt SETGROUPS 2
 .Os
 .Sh NAME
@@ -56,6 +56,23 @@ more than
 .Dv {NGROUPS_MAX}+1 .
 .Pp
 Only the super-user may set a new group list.
+.Pp
+The first entry of the group array
+.Pq Va gidset[0]
+is used as the effective group-ID for the process.
+This entry is over-written when a setgid program is run.
+To avoid losing access to the privileges of the
+.Va gidset[0]
+entry, it should be duplicated later in the group array.
+By convention,
+this happens because the group value indicated
+in the password file also appears in
+.Pa /etc/group .
+The group value in the password file is placed in
+.Va gidset[0]
+and that value then gets added a second time when the
+.Pa /etc/group
+file is scanned to create the group set.
 .Sh RETURN VALUES
 .Rv -std setgroups
 .Sh ERRORS
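
Review bot: The added paragraph says the gidset[0] value "should be duplicated later in the group array" but does not say who is expected to do that. It only describes the convention that arises from the password file and the /etc/group scan, which does not help a program that builds its own gidset and calls setgroups() directly. Suggest stating that such a caller must add the duplicate itself, and noting that the duplicate is one more entry against the {NGROUPS_MAX}+1 limit mentioned just above. Style point: "over-written" is normally spelled "overwritten".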

