Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 18 Oct 2023 18:05:01 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones
Message-ID:  <bug-272093-227-y6XkzibsaE@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-272093-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-272093-227@https.bugs.freebsd.org/bugzilla/>

next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D272093

--- Comment #4 from commit-hook@FreeBSD.org ---
A commit in branch releng/14.0 references this bug:

URL:
https://cgit.FreeBSD.org/src/commit/?id=3D26ff4836c88812b9ee03c4cc127ba2b46=
7173a0e

commit 26ff4836c88812b9ee03c4cc127ba2b467173a0e
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:45 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-10-18 18:01:49 +0000

    cr_canseeothergids(): Use real instead of effective group membership

    Using the effective group and not the real one when testing membership
    has the consequence that unprivileged processes cannot see setuid
    commands they launch until these have relinquished their privileges.
    This is also in contradiction with how the similar cr_canseeotheruids()
    works, i.e., by taking into account real user IDs.

    Fix this by substituting groupmember() with realgroupmember().  While
    here, simplify the code.

    Approved by:            re (gjb)
    PR:                     272093
    Reviewed by:            mhorne
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40642
    Differential Revision:  https://reviews.freebsd.org/D40644

    (cherry picked from commit 91658080f1a598ddda03943a783c9a941199f7d2)
    (cherry picked from commit 0452dd841336cea7cd979b13ef12b6ea5e992eff)
    (cherry picked from commit 4e7cea61051abc476c64e4a996397235f5a881bc)

 share/man/man9/cr_bsd_visible.9     |  2 +-
 share/man/man9/cr_canseeothergids.9 |  8 ++++----
 sys/kern/kern_prot.c                | 23 ++++++++++-------------
 3 files changed, 15 insertions(+), 18 deletions(-)

--=20
You are receiving this mail because:
You are the assignee for the bug.=



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-272093-227-y6XkzibsaE>