Date: Tue, 26 Aug 2025 13:50:34 GMT
Message-Id: <202508261350.57QDoYjS092157@gitrepo.freebsd.org>
To: doc-committers@FreeBSD.org, dev-commits-doc-all@FreeBSD.org
From: Lorenzo Salvadore
Subject: git: 387f30ecec - main - Status/2025Q2/groupe-changes.adoc: Add report
List-Id: Commit messages for all branches of the doc repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-doc-all
X-BeenThere: dev-commits-doc-all@freebsd.org
Sender: owner-dev-commits-doc-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: salvadore
X-Git-Repository: doc
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 387f30ecec1fa147d9cf41bd1facbc4c369da472
Auto-Submitted: auto-generated

The branch main has been updated by salvadore:

URL: https://cgit.FreeBSD.org/doc/commit/?id=387f30ecec1fa147d9cf41bd1facbc4c369da472

commit 387f30ecec1fa147d9cf41bd1facbc4c369da472
Author: Kyle Evans
AuthorDate: 2025-08-19 04:19:41 +0000
Commit: Lorenzo Salvadore
CommitDate: 2025-08-26 13:50:00 +0000

    Status/2025Q2/groupe-changes.adoc: Add report

    Pull Request: https://github.com/freebsd/freebsd-doc/pull/539
---
 .../report-2025-04-2025-06/group-changes.adoc | 27 ++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/website/content/en/status/report-2025-04-2025-06/group-changes.adoc b/website/content/en/status/report-2025-04-2025-06/group-changes.adoc new file mode 100644 index 0000000000..01dc8f2a13 --- /dev/null +++ b/website/content/en/status/report-2025-04-2025-06/group-changes.adoc 
@@ -0,0 +1,27 @@ +=== ucred / group changes in FreeBSD 15.0 + +Links: + +link:https://lists.freebsd.org/archives/freebsd-hackers/2025-August/004825.html[freebsd-arch@ discussion] URL: https://lists.freebsd.org/archives/freebsd-hackers/2025-August/004825.html[] + +link:https://cgit.freebsd.org/src/commit/sys/sys/ucred.h?id=be1f7435ef218b1df35aebf3b90dd65ffd8bbe51[Primary kernel change] URL: https://cgit.freebsd.org/src/commit/sys/sys/ucred.h?id=be1f7435ef218b1df35aebf3b90dd65ffd8bbe51[] + +link:https://cgit.freebsd.org/src/commit/sys/kern/kern_prot.c?id=9da2fe96ff2ea227e4d5f03ef92b55aabeabb7fc[Primary userspace change] URL: https://cgit.freebsd.org/src/commit/sys/kern/kern_prot.c?id=9da2fe96ff2ea227e4d5f03ef92b55aabeabb7fc + +Contact: Kyle Evans + +Contact: Olivier Certner + +FreeBSD 15.0 will change how supplementary groups are handled in both userspace and the kernel in FreeBSD 15.0 in a way that warrants additional attention and feedback. + +For some background: FreeBSD has historically tracked the effective group-ID of a process in the man:ucred[9] cr_groups array as the first element, with the rest of the array describing its supplementary groups. +The natural consequence of this decision is that the arrays used in man:setgroups[2] and man:getgroups[2] follow the same format, and man:setgroups[2] has the documented side effect of setting the effective group-ID. +The vast majority of other platforms do not exhibit this behavior anymore, including NetBSD and OpenBSD. +macOS appears to be the only exception found in testing. + +The problem is that the vast majority of software in the FreeBSD Ports Collection comes from other platforms, where man:setgroups[2] and man:setgroups[2] operate purely on the supplementary groups. +This kind of a behavior difference is very subtle and would need to be audited more carefully to be sure that we have not introduced a potential security issue in ported software. 
+ +In FreeBSD 15.0, the primary user-facing change is that man:setgroups[2], man:getgroups[2], and man:initgroups[3] behavior will change to match other platforms, and users are requested to be extra vigilant in areas that may be affected as we proceed through the release cycle. +In general, the expectation is that this change may: + +* Fix some small number of bugs where we would have lost either our expected effective group membership or one of the supplementary groups we should have been in +* (Less likely) Introduce some even smaller number of bugs where something expected man:setgroups[2] to change our effective group membership but now it is just a supplementary group and our effective group-ID is unchanged + +Software included in the base system is largely unaffected or improved by this change, with OpenSSH being a notable example of a link:https://cgit.freebsd.org/src/commit/?id=239e8c98636a7578cc67a6f9d54d14c71b095e36[strange bug] caused by the historical implementation.
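
Review bot: In the paragraph beginning "The problem is that the vast majority of software", the phrase "man:setgroups[2] and man:setgroups[2]" names the same call twice; the second was presumably meant to be man:getgroups[2], matching the pairing used in the background paragraph and in the "In FreeBSD 15.0, the primary user-facing change" paragraph. The opening sentence also repeats "in FreeBSD 15.0" ("FreeBSD 15.0 will change ... in FreeBSD 15.0"), so one of the two can be dropped. In the Links block, the label "freebsd-arch@ discussion" sits on a URL under the freebsd-hackers archive, and "Primary userspace change" points at sys/kern/kern_prot.c, a kernel source path, so each label should be checked against its target; the third link's "URL:" also lacks the trailing "[]" that the first two carry. Since the text asks readers to be "extra vigilant" about a potential security issue in ported software, it would help to state the concrete pattern to audit for, which the second bullet already implies: code that relied on man:setgroups[2] to change the effective group-ID and never sets it explicitly.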