From nobody Tue Sep 9 15:57:59 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cLpPh2fCWz675mh; Tue, 09 Sep 2025 15:58:00 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cLpPh07X2z48lL; Tue, 09 Sep 2025 15:58:00 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1757433480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=stOeBvHbohcPrXIykOK7mzKZqfC1nNHLbYscCfv6U7s=; b=LUTYHEz5no550np7uyuWtSAGoaxbdnhDGkJFnSQpw4wMGQgkwc5gUIASJfRGEPU7xY57EQ ZHZK2gyp3Oizr50lgZ/CKCOgPmk/s3S6cfmRn9eMbEUrXvyuBGhiITzxfgBsytuNFjPMZa RqZFORcmp/KYVNSr/WKX/eLpqaEaX/Y6MHWOeU5rL2fJYwG2W9qP2Cvfu3yGDykVQF8JBH Vw5p+bibxgun2+IGphM74SbnnAJfES14JOPaQhKXoaVbk+9gOAIiodBUCDkz771bwqlamb FHPey2+qxcaOqYkWiRmbn6xs/dCmFZ9ixdfn2Xva8e2xI8dM6ocjk5gMZIuQlQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1757433480; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=stOeBvHbohcPrXIykOK7mzKZqfC1nNHLbYscCfv6U7s=; b=gEohktA6FrEBeRD4uQJTY/Ki4qWVV8QAElaOovJaXj84jCHVj3JRYaiVJ2jq0Ta6kGbtU9 1chz32kn+ZOSnMPijPOdbTDm4xeFE+6O19bp64dQRWqS72MyrTshc+61mC0ept09sKPkrZ YYN20FDctbpu+aJwkCkC2JCSWX+QtOW8JRSsIZ2fSVRR3Z1Bf2bW5gWGSABKQr5eScK99J iwJzLD2nSu27dN5ETEpiGfplNQwBQ4dsTYaEhGlHDvZdpfZ2umJFG0vWB5fVHP898RJ/ZL RCzEZtcObiiBvVTZnt/niVc2i8p7iTVLNp/2G+sHBoKnM9UuYTWHZGdVtzKgmA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1757433480; a=rsa-sha256; cv=none; b=pKPiUuQJwO9lWZEpCiyQ43G4CN/3+CBU8km6FFZcOvZNwKq9Byibdt61TrBf9O46/GNUmE 7GskbVcbf/9d9x+dI/dJ/BulMytxeZK77vXn8cUEx8hzLiiOd7PRMVp9M8efKfX+CWTRJE hqEA/Vg+PsAzCFTqqZstHD5rirIGv0hR8lswFvX0BApAUrwsV6ymBeViugmLI85HFYvGRk xaDHa/yTje5fAWQj5OKsd+o1FpgeMitzOvMz79rBcAum08lYsQpjW1w1wT+J1j8sZpUN1h jD4lAmgvwgw5Th2GEvZhPy5X1HRIgKZkgNftFlkGJpGEK20hjN6xgN9hMua7NA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cLpPg6VRDzjyh; Tue, 09 Sep 2025 15:57:59 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 589Fvx9G039288; Tue, 9 Sep 2025 15:57:59 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 589FvxvB039285; Tue, 9 Sep 2025 15:57:59 GMT (envelope-from git) Date: Tue, 9 Sep 2025 15:57:59 GMT Message-Id: <202509091557.589FvxvB039285@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Olivier Certner Subject: git: d9e11f01ef07 - main - hwt: On attach, ensure owner is a target effective GID's member List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: olce X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d9e11f01ef076749e58614c03168e89f161dd978 Auto-Submitted: auto-generated The branch main has been updated by olce: URL: https://cgit.FreeBSD.org/src/commit/?id=d9e11f01ef076749e58614c03168e89f161dd978 commit d9e11f01ef076749e58614c03168e89f161dd978 Author: Olivier Certner AuthorDate: 2025-08-26 10:05:15 +0000 Commit: Olivier Certner CommitDate: 2025-09-09 15:56:47 +0000 hwt: On attach, ensure owner is a target effective GID's member This restores a check that existed prior to commit be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]"). Fixes: be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]") MFC after: 9 days Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D52253 --- sys/dev/hwt/hwt_ioctl.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/sys/dev/hwt/hwt_ioctl.c b/sys/dev/hwt/hwt_ioctl.c index 592db4931bb4..184c7e72f986 100644 --- a/sys/dev/hwt/hwt_ioctl.c +++ b/sys/dev/hwt/hwt_ioctl.c @@ -112,12 +112,11 @@ hwt_priv_check(struct proc *o, struct proc *t) error = EPERM; goto done; } - - /* Check the read and saved GIDs too. */ - if (!groupmember(tc->cr_rgid, oc) || + if (!groupmember(tc->cr_gid, oc) || + !groupmember(tc->cr_rgid, oc) || !groupmember(tc->cr_svgid, oc)) { - error = EPERM; - goto done; + error = EPERM; + goto done; } done: