From nobody Fri Dec 19 09:19:02 2025
X-Original-To: dev-commits-src-branches@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4dXhml2F1Dz6LBH4
	for <dev-commits-src-branches@mlmmj.nyi.freebsd.org>; Fri, 19 Dec 2025 09:19:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4dXhml00lrz44f0
	for <dev-commits-src-branches@FreeBSD.org>; Fri, 19 Dec 2025 09:19:03 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1766135943;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bEL7zaic100CaM5CZmwwcaMf5vERMMf9G7P3IKKzm2I=;
	b=IHKBLUjI90VVOOsu7/hXSMqh8djJEzyG0rDubm8JtXMEbgp3tQnqVNGnlxkK1ycIy9pbTm
	XmZT8mH/B+OA+aw81g6Ys5quHyqIKquwqXhbMoU6HkvtDB1Yxna3PFJxgdhp0PkyA/jeJf
	v+w8YLsliW90830PT9VfYkCwplSMPwTqZB9Fuof8K3aiBVGR57nGr0PriuBHvjtCXFJaed
	hjWD4ykWeqMEYApsmhTvDUek4NVTYHoWGAlSH8jQavBpfRWSBoF/MEs79WDzqMyn7RfP0V
	WlJW5ENdxyZ8uDFdZNjGmn74GfhrKxkLV63hLShl3KlgH232Kd8ojg1mEHcTTw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1766135943;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=bEL7zaic100CaM5CZmwwcaMf5vERMMf9G7P3IKKzm2I=;
	b=jyDeikfL51GyN5g8/9QeOwXZRK8clzk+YZpukkVh5w/iF63VgEJ5Oyqf84yXT2gDxzEXbm
	1dYXj1S/IJI3wvvTD8uAlTfGch+i8rNDYKsNm5FiXqpwxNaPYJwX/0J7ih66FMfvzRbcki
	vhg1197cBW5prpsVEso5owW4L0lVdSR7igF4robKIpSAJC3J0NK2R60ONfV3ySkIoD9blk
	ahAdPX93UmrTlPLWy2kTqQ/aWg60jBGxmXkMlvRta9GtvvrvkXnqaNYp93PsD5okdA4amp
	U2HpIEdB7hAXO5z9cjal7y8vksbgiHqif0EhT7gHydDdenLPSls7XjjqXySOMg==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1766135943; a=rsa-sha256; cv=none;
	b=fWkbTMM4tmIqsCAi7EDOArvvhwriYkMvPqANz8PKmuB44wrnDMVLDk/Fsb+DB+NO4oXd4f
	9kZpuZ0NchgeRY2Z3oezRfKV6KoOFN1G19lcENAk/sSKMGAfzuuz14zQxsokdC0UdTdcxC
	2c/mXZI7pcAyJuXrw/YHkBiMf6R8mKH26AMBcu9n1LU1VTRDhO5MleXb0puRhL6jbcO27P
	oqgJgSqB7N79VgU23Uf5n032rUyxCuuF79ZMr+apKuCKPDKOGzROQ2/s6ckuWtYJ030JZz
	f0eCviwu+JHt0CRmWtB5cJSwevXl5g+h9cTCLR3MhBm821tV9b07U8vMrCheYQ==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTP id 4dXhmk6NpXz1GKn
	for <dev-commits-src-branches@FreeBSD.org>; Fri, 19 Dec 2025 09:19:02 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from git (uid 1279)
	(envelope-from git@FreeBSD.org)
	id 3eec8
	by gitrepo.freebsd.org (DragonFly Mail Agent v0.13+ on gitrepo.freebsd.org);
	Fri, 19 Dec 2025 09:19:02 +0000
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Cc: Kyle Evans <kevans@FreeBSD.org>
From: Olivier Certner <olce@FreeBSD.org>
Subject: git: d913e3fe23b5 - stable/14 - tftpd: explicitly set egid after dropping supplemental groups
List-Id: Commits to the stable branches of the FreeBSD src repository <dev-commits-src-branches.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
List-Help: <mailto:dev-commits-src-branches+help@freebsd.org>
List-Post: <mailto:dev-commits-src-branches@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-branches+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-branches+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-branches@freebsd.org
Sender: owner-dev-commits-src-branches@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: d913e3fe23b538bf602a58d5cdf1438c16a8e41d
Auto-Submitted: auto-generated
Date: Fri, 19 Dec 2025 09:19:02 +0000
Message-Id: <69451886.3eec8.3b54eb72@gitrepo.freebsd.org>

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=d913e3fe23b538bf602a58d5cdf1438c16a8e41d

commit d913e3fe23b538bf602a58d5cdf1438c16a8e41d
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-07-24 14:59:07 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-12-19 09:16:43 +0000

    tftpd: explicitly set egid after dropping supplemental groups
    
    tftpd seems to be the last program in base that implicitly relies on
    setgroups() to set the egid.  This is a security landmine in portable
    software as most operating systems don't behave this way, so do an
    explicit setgid() in case the kernel doesn't set it already.
    
    While we're here, FreeBSD's setgroups() has supported nominally clearing
    all supplemental groups since 1997.  It still leaves the egid in our
    cr_groups[0] because we don't have an out-of-band way to store the egid,
    and on other systems it'll clear the supplemental group entirely as one
    would want.
    
    Reviewed by:    allanjude (previous version), des, olce
    Differential Revision:  https://reviews.freebsd.org/D51149
    
    (cherry picked from commit 5138a20765c76cdc8f245d3d7caeffe9a9011bb2)
---
 libexec/tftpd/tftpd.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libexec/tftpd/tftpd.c b/libexec/tftpd/tftpd.c
index 81bc79fc2c12..d27054b757f8 100644
--- a/libexec/tftpd/tftpd.c
+++ b/libexec/tftpd/tftpd.c
@@ -363,10 +363,14 @@ main(int argc, char *argv[])
 			tftp_log(LOG_ERR, "chdir: %s", strerror(errno));
 			exit(1);
 		}
-		if (setgroups(1, &nobody->pw_gid) != 0) {
+		if (setgroups(0, NULL) != 0) {
 			tftp_log(LOG_ERR, "setgroups failed");
 			exit(1);
 		}
+		if (setgid(nobody->pw_gid) != 0) {
+			tftp_log(LOG_ERR, "setgid failed");
+			exit(1);
+		}
 		if (setuid(nobody->pw_uid) != 0) {
 			tftp_log(LOG_ERR, "setuid failed");
 			exit(1);