From nobody Tue Aug 12 12:30:56 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4c1W7h2w4Bz64gGm;
	Tue, 12 Aug 2025 12:30:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R10" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4c1W7h2GvQz3Dbh;
	Tue, 12 Aug 2025 12:30:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1755001856;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=20kiX1VT3nNhKejcrxPzBkJPYRaQRJ1dlG8cQH1kTqs=;
	b=MI+2m1pFiPfwRNRWI91/g1azeBekYYvnTSrQN7vMKwnfcvca9VkG0OSXqFBGoKWn3wOhEJ
	T0cqhHoWzg6dYxYIp8hsyZ6cVtwEB4nBxvZAHpTRa+wdUf/0L29V8JlHk7K4mh97teMvYx
	a43ILlvlt+gs5IXtu6iTihlviXdFTyxyfZNINFUkptobQpn9R7lmisjtxYA1TGBB6HpCbf
	hojUIS5Od6oKGeQ109uxl5sog/UcVW+elrA12Q2W84xLUXmqFF9GJoNcov9MBwXNSK6pnR
	8nmBUAcf5jRNyqIlvb+KuxByC43ycxgyyfkz7OZqUNDQoDiDKpvmMiNHu9MBtQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1755001856;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=20kiX1VT3nNhKejcrxPzBkJPYRaQRJ1dlG8cQH1kTqs=;
	b=Xo35UrVWRVI3eW6swZJGAUYFrAMM3e95JcxVOIWSe+XN5FzjFG9RvYz+m53FDJxNIhIoq4
	G9BOI1u/nhR6otcxSddWNHgNZuBjNO1bP4MsoULOPYL0CA0tyKxRRr65Mqm2EYYbg22L1y
	pqaoZJTuHaNCc++XNPEYuC4MV+zLNCGezggw4HweUCyNU27ihYqcUYuit24R04P6etARmR
	Zy7FlomWe6M5352OsN25i2YR4LlItLw/yjLeUnjnbFFF+JFrkJp7f+m1Jf98Fk5aDrdBNz
	ElbrQ6NUCKv2zx0vyeuTvfZDHV2A07CkwlrWwKYR0onXu7wb+Rv1v72KKUvutA==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1755001856; a=rsa-sha256; cv=none;
	b=mC+g6O0ZCRJheQVJvGykN4MvPiPNal25uEf+9WlkIxWrjxwNHWRGu1aMN8effsMcUCLWiw
	PgqBbOUE68ZR9Jydb8iq1up5vJBeJ02nYkWAmMJZ9iJ0joGvmM94wF3uaMg+GH3I+l38ul
	qLrpZ8+/aBLVFiZSfCezrOH5XhARSC2zHnVlDdjRaeV9f+0UmW/Xu9LfqXyGCU48jfW/mz
	ikQ8jxsfpYAUV01DtbuqWWyb5pwf/Z+ybhkQ0cCNeqlTD+VvHFcyMER0zRQ43/GeGp/R9f
	k8rfyGJ62BPTz1lAL8sGxZX3wAEbZD1WW1Ofc/1ZkD1CkMCKyl9YClvknl/tJw==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4c1W7h1szzzdmY;
	Tue, 12 Aug 2025 12:30:56 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 57CCUudR045786;
	Tue, 12 Aug 2025 12:30:56 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 57CCUuHn045783;
	Tue, 12 Aug 2025 12:30:56 GMT
	(envelope-from git)
Date: Tue, 12 Aug 2025 12:30:56 GMT
Message-Id: <202508121230.57CCUuHn045783@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-main@FreeBSD.org
From: Kyle Evans <kevans@FreeBSD.org>
Subject: git: babab49eee94 - main - chroot: don't setgroups() without
  -G having been specified
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kevans
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: babab49eee9472f628d774996de13d13d296c8c0
Auto-Submitted: auto-generated

The branch main has been updated by kevans:

URL: https://cgit.FreeBSD.org/src/commit/?id=babab49eee9472f628d774996de13d13d296c8c0

commit babab49eee9472f628d774996de13d13d296c8c0
Author:     Kyle Evans <kevans@FreeBSD.org>
AuthorDate: 2025-08-12 12:14:38 +0000
Commit:     Kyle Evans <kevans@FreeBSD.org>
CommitDate: 2025-08-12 12:30:23 +0000

    chroot: don't setgroups() without -G having been specified
    
    We previously would not have setgroups() at all, but now we would drop
    our supplementary groups every time.  This broke chroot -n, probably
    among other things.  We need tests here, but lets unbreak things first.
    
    A future change may try to setgroups(2) when -u is specified in addition
    to -G, so predicate the call on gidlist and don't populate that without
    a grouplist.
    
    PR:             288751
    Fixes:  48fd05999b0f ("chroot: don't clobber the egid [...]")
---
 usr.sbin/chroot/chroot.c | 43 ++++++++++++++++++++++++++-----------------
 1 file changed, 26 insertions(+), 17 deletions(-)

diff --git a/usr.sbin/chroot/chroot.c b/usr.sbin/chroot/chroot.c
index d9fb29474d87..7ec5a00b50f0 100644
--- a/usr.sbin/chroot/chroot.c
+++ b/usr.sbin/chroot/chroot.c
@@ -103,7 +103,9 @@ main(int argc, char *argv[])
 
 	gid = 0;
 	uid = 0;
+	gids = 0;
 	user = group = grouplist = NULL;
+	gidlist = NULL;
 	nonprivileged = false;
 	while ((ch = getopt(argc, argv, "G:g:u:n")) != -1) {
 		switch(ch) {
@@ -119,6 +121,11 @@ main(int argc, char *argv[])
 			break;
 		case 'G':
 			grouplist = optarg;
+
+			/*
+			 * XXX Why not allow us to drop all of our supplementary
+			 * groups?
+			 */
 			if (*grouplist == '\0')
 				usage();
 			break;
@@ -139,23 +146,25 @@ main(int argc, char *argv[])
 	if (group != NULL)
 		gid = resolve_group(group);
 
-	ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
-	if ((gidlist = malloc(sizeof(gid_t) * ngroups_max)) == NULL)
-		err(1, "malloc");
-	/* Populate the egid slot in our groups to avoid accidents. */
-	if (gid == 0)
-		gidlist[0] = getegid();
-	else
-		gidlist[0] = gid;
-	for (gids = 1;
-	    (p = strsep(&grouplist, ",")) != NULL && gids < ngroups_max; ) {
-		if (*p == '\0')
-			continue;
-
-		gidlist[gids++] = resolve_group(p);
+	if (grouplist != NULL) {
+		ngroups_max = sysconf(_SC_NGROUPS_MAX) + 1;
+		if ((gidlist = malloc(sizeof(gid_t) * ngroups_max)) == NULL)
+			err(1, "malloc");
+		/* Populate the egid slot in our groups to avoid accidents. */
+		if (gid == 0)
+			gidlist[0] = getegid();
+		else
+			gidlist[0] = gid;
+		for (gids = 1; (p = strsep(&grouplist, ",")) != NULL &&
+		    gids < ngroups_max; ) {
+			if (*p == '\0')
+				continue;
+
+			gidlist[gids++] = resolve_group(p);
+		}
+		if (p != NULL && gids == ngroups_max)
+			errx(1, "too many supplementary groups provided");
 	}
-	if (p != NULL && gids == ngroups_max)
-		errx(1, "too many supplementary groups provided");
 
 	if (user != NULL)
 		uid = resolve_user(user);
@@ -175,7 +184,7 @@ main(int argc, char *argv[])
 		err(1, "%s", argv[0]);
 	}
 
-	if (gids && setgroups(gids, gidlist) == -1)
+	if (gidlist != NULL && setgroups(gids, gidlist) == -1)
 		err(1, "setgroups");
 	if (group && setgid(gid) == -1)
 		err(1, "setgid");