Date: Wed, 18 Oct 2023 18:05:01 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones Message-ID: <bug-272093-227-y6XkzibsaE@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-272093-227@https.bugs.freebsd.org/bugzilla/> References: <bug-272093-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272093 --- Comment #4 from commit-hook@FreeBSD.org --- A commit in branch releng/14.0 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=3D26ff4836c88812b9ee03c4cc127ba2b46= 7173a0e commit 26ff4836c88812b9ee03c4cc127ba2b467173a0e Author: Olivier Certner <olce.freebsd@certner.fr> AuthorDate: 2023-08-17 23:54:45 +0000 Commit: Mitchell Horne <mhorne@FreeBSD.org> CommitDate: 2023-10-18 18:01:49 +0000 cr_canseeothergids(): Use real instead of effective group membership Using the effective group and not the real one when testing membership has the consequence that unprivileged processes cannot see setuid commands they launch until these have relinquished their privileges. This is also in contradiction with how the similar cr_canseeotheruids() works, i.e., by taking into account real user IDs. Fix this by substituting groupmember() with realgroupmember(). While here, simplify the code. Approved by: re (gjb) PR: 272093 Reviewed by: mhorne Sponsored by: Kumacom SAS Differential Revision: https://reviews.freebsd.org/D40642 Differential Revision: https://reviews.freebsd.org/D40644 (cherry picked from commit 91658080f1a598ddda03943a783c9a941199f7d2) (cherry picked from commit 0452dd841336cea7cd979b13ef12b6ea5e992eff) (cherry picked from commit 4e7cea61051abc476c64e4a996397235f5a881bc) share/man/man9/cr_bsd_visible.9 | 2 +- share/man/man9/cr_canseeothergids.9 | 8 ++++---- sys/kern/kern_prot.c | 23 ++++++++++------------- 3 files changed, 15 insertions(+), 18 deletions(-) --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272093-227-y6XkzibsaE>