From nobody Thu Sep 28 15:10:51 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RxH3v3Xwlz4tty0; Thu, 28 Sep 2023 15:10:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RxH3v329Jz3YjW; Thu, 28 Sep 2023 15:10:51 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1695913851; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=k29SYkhbCTDDk/huSLbQsy6pYKT3innbxm+icDtnrNU=; b=nLDJJt3ID7rZ9Q0ZhtczynZySLKNNaMoT+eqK5W83Tx0n8suDeeI0ATr4RWldGTy0XRf0N WhsP8n9Rh3D9Rt9x5n2Rmjc7izwqcjvGr3aHMr2/XKKI3dS+WCK3ACqcfh3TxWDRhCZZHO uGJKEWgoLOjhDfPj5vFhImFvDo9H85EJUkpISeYZkRPsXZ8bWQmZ7NkmXqItEp/+OPLYwg bwFaUnxbeKMB5iYUBcnkC8KqPTrmzF6vJ7BGAP+D5G1oDOmpKQ/y7Hr2zido3rI7OKCd0u 5ZkVrZuGA7Koz4/5D65o3HuSmyTOll7mPOi9gzgS/yQkKYxk3xJpvgoPZcyW+A== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1695913851; a=rsa-sha256; cv=none; b=Rv0rH1mwL810zEX2VQqjRnZSL/y1Bx8LfcNa+YJ+Kd/yI1/2hZHo22PHpQ4YYY+kSHJlhq JghwCtUsow1Nn1CjLHLBskKulkgC0ehlC+kv/4sDtyTpTytz/j98zhkap3ZOMZX0HChUKO yz4WnS39nYthEQ/AoSxh6pDtZHeOvEyvs4vl8EGaotTRBG5wCaoasSRqLfgYWEr+P8kWOI +kE1+vedczXVXHWzTci6xywER8dZtprIq3Ux4p+cFAkbAbcxaHZXiPi4uJOXxTTxoibSNr M6JTZU07GQPLELgScnDPbj6kXJM+PppMDrnhsakI9mlFtRI5tB0NWvnO+QT8Sg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1695913851; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=k29SYkhbCTDDk/huSLbQsy6pYKT3innbxm+icDtnrNU=; b=lJOobfB5+UoNErT8BAX6HwUa7vx8DQFJm8FewPPucE7za484QEHd3D3EvPJXcW//blTvtC Yw+PFWkaboAVp+EUoBzquiDzX+5bbZExatGNWQGPg8De/c68A/eWGwBy2HO7cx35b9zajv 9+1g9wi4nh1uVxuz6D1T2imfDzFwuX54CcV/LyAZS9pIjsKcDD9IVV3we0SOHEOTWGEGxO rLZTOes8XXLdbUhlDeWqyofVSPrn9uHSVBdYcDUshKjogncBebtJdboyNPt/gtkfMj9E1l z6HDCNekeDn7FkiSZ6vDnYVi/w4eukzUq8PZsIxIfT+mH3a9j/sWnQJ9AdcOfQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RxH3v25lxzBk0; Thu, 28 Sep 2023 15:10:51 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 38SFApj1047841; Thu, 28 Sep 2023 15:10:51 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 38SFAp4u047838; Thu, 28 Sep 2023 15:10:51 GMT (envelope-from git) Date: Thu, 28 Sep 2023 15:10:51 GMT Message-Id: <202309281510.38SFAp4u047838@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Mitchell Horne Subject: git: 91658080f1a5 - main - cr_canseeothergids(): Use real instead of effective group membership List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: mhorne X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 91658080f1a598ddda03943a783c9a941199f7d2 Auto-Submitted: auto-generated The branch main has been updated by mhorne: URL: https://cgit.FreeBSD.org/src/commit/?id=91658080f1a598ddda03943a783c9a941199f7d2 commit 91658080f1a598ddda03943a783c9a941199f7d2 Author: Olivier Certner AuthorDate: 2023-08-17 23:54:45 +0000 Commit: Mitchell Horne CommitDate: 2023-09-28 15:05:46 +0000 cr_canseeothergids(): Use real instead of effective group membership Using the effective group and not the real one when testing membership has the consequence that unprivileged processes cannot see setuid commands they launch until these have relinquished their privileges. This is also in contradiction with how the similar cr_canseeotheruids() works, i.e., by taking into account real user IDs. Fix this by substituting groupmember() with realgroupmember(). While here, simplify the code. PR: 272093 Reviewed by: mhorne MFC after: 2 weeks Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40642 --- sys/kern/kern_prot.c | 23 ++++++++++------------- 1 file changed, 10 insertions(+), 13 deletions(-) diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index b62a5e9ee20b..0f15771fb00d 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -1408,21 +1408,18 @@ SYSCTL_INT(_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW, static int cr_canseeothergids(struct ucred *u1, struct ucred *u2) { - int i, match; - if (!see_other_gids) { - match = 0; - for (i = 0; i < u1->cr_ngroups; i++) { - if (groupmember(u1->cr_groups[i], u2)) - match = 1; - if (match) - break; - } - if (!match) { - if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0) - return (ESRCH); - } + if (realgroupmember(u1->cr_rgid, u2)) + return (0); + + for (int i = 1; i < u1->cr_ngroups; i++) + if (realgroupmember(u1->cr_groups[i], u2)) + return (0); + + if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0) + return (ESRCH); } + return (0); }