Date: Fri, 10 Oct 2025 17:16:23 GMT
Message-Id: <202510101716.59AHGNxW009316@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Olivier Certner
Subject: git: 06e0e31f8698 - stable/14 - initgroups.3: Revamp, mention FreeBSD 15's change in behavior
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: olce
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 06e0e31f8698d49b692bbd56d7ac355b677b4b5d
Auto-Submitted: auto-generated

The branch stable/14 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=06e0e31f8698d49b692bbd56d7ac355b677b4b5d

commit 06e0e31f8698d49b692bbd56d7ac355b677b4b5d
Author:     Olivier Certner
AuthorDate: 2025-08-29 14:19:33 +0000
Commit:     Olivier Certner
CommitDate: 2025-10-10 17:15:57 +0000

    initgroups.3: Revamp, mention FreeBSD 15's change in behavior

    Update the manual page with the upcoming change in behavior in FreeBSD 15.

    Add a "SECURITY CONSIDERATIONS" section that mentions some property of the current behavior, and refer to the same manual page in 15 for more details.

    While here, revamp the manual page, in particular to use the exact POSIX terminology where possible.

    Reviewed by: kib
    Sponsored by: The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D52282

    (cherry picked from commit 9dc1ac8691966480ff8bd9c37dd405b981b41dd5)

    As indicated in the original commit message, only the manual page was MFCed and then specifically modified as stable/14's setgroups(2) still has the old behavior. The original commit message above was reworked to reflect the actual commit content.
---
 lib/libc/gen/initgroups.3 | 90 +++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 75 insertions(+), 15 deletions(-)
diff --git a/lib/libc/gen/initgroups.3 b/lib/libc/gen/initgroups.3 index a44641a63828..4bf598db5666 100644 --- a/lib/libc/gen/initgroups.3 +++ b/lib/libc/gen/initgroups.3 @@ -1,5 +1,13 @@ +.\"- +.\" SPDX-License-Identifier: BSD-3-Clause +.\" .\" Copyright (c) 1983, 1991, 1993 .\" The Regents of the University of California. All rights reserved. +.\" Copyright (c) 2025 The FreeBSD Foundation +.\" +.\" Portions of this documentation were written by Olivier Certner +.\" at Kumacom SARL under sponsorship from the FreeBSD +.\" Foundation. .\" .\" Redistribution and use in source and binary forms, with or without .\" modification, are permitted provided that the following conditions @@ -27,12 +35,12 @@ .\" .\" @(#)initgroups.3 8.1 (Berkeley) 6/4/93 .\" -.Dd October 26, 2014 +.Dd October 9, 2025 .Dt INITGROUPS 3 .Os .Sh NAME .Nm initgroups -.Nd initialize group access list +.Nd initialize the effective groups using the group database .Sh LIBRARY .Lb libc .Sh SYNOPSIS @@ -42,19 +50,19 @@ .Sh DESCRIPTION The .Fn initgroups -function -uses the -.Xr getgrouplist 3 -function to calculate the group access list for the user -specified in +function initializes the current process' effective and supplementary groups, +collectively called the effective groups, as prescribed by its arguments and the +system's group database. +.Pp +It first uses the +.Fn getgrouplist +function to compute a list of groups containing the passed +.Fa basegid , +which typically is the user's initial numerical group ID from the password +database, and the supplementary groups in the group database for the user named .Fa name . -This group list is then setup for the current process using -.Xr setgroups 2 . -The -.Fa basegid -is automatically included in the groups list. -Typically this value is given as -the group number from the password file. +It then installs this list as the current process' effective groups using +.Fn setgroups . .Sh RETURN VALUES .Rv -std initgroups .Sh ERRORS 
@@ -62,7 +70,7 @@ The .Fn initgroups function may fail and set .Va errno -for any of the errors specified for the library function +to any of the errors specified for the library function .Xr setgroups 2 . It may also return: .Bl -tag -width Er @@ -79,3 +87,55 @@ The .Fn initgroups function appeared in .Bx 4.2 . +.Pp +The +.Fn initgroups +function has changed semantics in +.Fx 15 , +following that of +.Xr setgroups 2 +in the same release. +In the current version, +.Nm +sets the effective group ID to +.Fa basegid +and does not include the latter in the supplementary groups. +Starting with +.Fx 15 , +.Nm +leaves the effective group ID unchanged and includes +.Fa basegid +in the supplementary groups instead. +.Sh SECURITY CONSIDERATIONS +.Nm +currently sets the effective group ID to +.Fa basegid . +Starting with +.Fx 15 , +it will not do so anymore. +Programs that rely solely on +.Nm +to change the effective group ID will have to be modified. +For maximum compatibility, please make sure that some standard or traditional +function changing the effective group ID, such as +.Xr setgid 2 +or +.Xr setegid 2 , +is used in conjunction with +.Nm +.Pq this should always be the case for portable programs . +.Pp +Processes requesting a change of effective group ID or that are spawned from +executables with the set-group-ID mode bit set relinquish the access rights +deriving from being a member of their initial effective group ID, unless the +latter is also included in the supplementary groups. +Duplication of the effective group ID in the supplementary groups currently only +happens if the user's initial numerical group ID from the password database is +seconded by a corresponding group entry listing the user in the group database. +As, starting from +.Fx 15 , +.Nm +will put +.Fa basegid +in the supplementary groups set, such additional entries in the group database +will become unnecessary.
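
Review bot: In the DESCRIPTION hunk (@@ -42,19 +50,19 @@), the new text says the list is installed "as the current process' effective groups" but never says which entry ends up as the effective group ID. On this branch that is the behavior callers depend on, and a reader only learns it from HISTORY and SECURITY CONSIDERATIONS further down. Suggest adding one sentence to DESCRIPTION stating that basegid becomes the effective group ID and is not placed in the supplementary groups, matching what the last hunk says. The same hunk replaces ".Xr getgrouplist 3" and ".Xr setgroups 2" with ".Fn getgrouplist" and ".Fn setgroups", which drops the section numbers while ERRORS keeps ".Xr setgroups 2"; keeping .Xr on first mention would stay consistent.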
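
Review bot: In the last hunk (@@ -79,3 +87,55 @@), "In the current version" and "currently sets the effective group ID" are relative to whichever release the reader happens to have installed; since this text exists only on the stable/14 variant of the page, naming the branch explicitly (for example "Before .Fx 15 ,") would keep it unambiguous when the page is quoted or read online. The commit message says the new section refers to the same manual page in 15 for more details, but no such reference appears in the added SECURITY CONSIDERATIONS lines; either add the pointer or adjust the message. The advice to use setgid(2) or setegid(2) "in conjunction with" initgroups also does not say in which order to call them, which is the part a program dropping privileges needs spelled out. Minor: the added paragraphs switch from ".Fn initgroups" to ".Nm" mid-section, and "seconded by a corresponding group entry" would read more clearly as "accompanied by".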