Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 19 Dec 2025 09:19:02 +0000
From:      Olivier Certner <olce@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Cc:        Kyle Evans <kevans@FreeBSD.org>
Subject:   git: d913e3fe23b5 - stable/14 - tftpd: explicitly set egid after dropping supplemental groups
Message-ID:  <69451886.3eec8.3b54eb72@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=d913e3fe23b538bf602a58d5cdf1438c16a8e41d

commit d913e3fe23b538bf602a58d5cdf1438c16a8e41d
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-07-24 14:59:07 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-12-19 09:16:43 +0000

    tftpd: explicitly set egid after dropping supplemental groups
    
    tftpd seems to be the last program in base that implicitly relies on
    setgroups() to set the egid.  This is a security landmine in portable
    software as most operating systems don't behave this way, so do an
    explicit setgid() in case the kernel doesn't set it already.
    
    While we're here, FreeBSD's setgroups() has supported nominally clearing
    all supplemental groups since 1997.  It still leaves the egid in our
    cr_groups[0] because we don't have an out-of-band way to store the egid,
    and on other systems it'll clear the supplemental group entirely as one
    would want.
    
    Reviewed by:    allanjude (previous version), des, olce
    Differential Revision:  https://reviews.freebsd.org/D51149
    
    (cherry picked from commit 5138a20765c76cdc8f245d3d7caeffe9a9011bb2)
---
 libexec/tftpd/tftpd.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index 81bc79fc2c12..d27054b757f8 100644
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -363,10 +363,14 @@ main(int argc, char *argv[])
 			tftp_log(LOG_ERR, "chdir: %s", strerror(errno));
 			exit(1);
 		}
-		if (setgroups(1, &nobody->pw_gid) != 0) {
+		if (setgroups(0, NULL) != 0) {
 			tftp_log(LOG_ERR, "setgroups failed");
 			exit(1);
 		}
+		if (setgid(nobody->pw_gid) != 0) {
+			tftp_log(LOG_ERR, "setgid failed");
+			exit(1);
+		}
 		if (setuid(nobody->pw_uid) != 0) {
 			tftp_log(LOG_ERR, "setuid failed");
 			exit(1);
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?69451886.3eec8.3b54eb72>