Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 23 Sep 2025 12:03:37 GMT
From:      Olivier Certner <olce@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 7bab0263aafe - stable/15 - cr_canseeothergids(): Make the logic easier to grasp
Message-ID:  <202509231203.58NC3bHs008582@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch stable/15 has been updated by olce:

URL: https://cgit.FreeBSD.org/src/commit/?id=7bab0263aafef686e8ca22e28bb0604cf9372f5d

commit 7bab0263aafef686e8ca22e28bb0604cf9372f5d
Author:     Olivier Certner <olce@FreeBSD.org>
AuthorDate: 2025-08-27 16:53:14 +0000
Commit:     Olivier Certner <olce@FreeBSD.org>
CommitDate: 2025-09-23 12:02:43 +0000

    cr_canseeothergids(): Make the logic easier to grasp
    
    Invert the initial test on whether the policy is in force so that, if
    there are no restrictions, the function bails out early, allowing to
    de-indent the rest of the code and have it finish with a non-zero (deny)
    'return'.
    
    No functional change (intended).
    
    MFC after:      5 days
    Sponsored by:   The FreeBSD Foundation
    Differential Revision:  https://reviews.freebsd.org/D52272
    
    (cherry picked from commit f75d0dc533923345c653dcdcd5ebd1e53377a7c5)
---
 sys/kern/kern_prot.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index 6485254d300d..a4c5bcc52529 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1885,19 +1885,22 @@ SYSCTL_INT(_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW,
 static int
 cr_canseeothergids(struct ucred *u1, struct ucred *u2)
 {
-	if (!see_other_gids) {
-		if (realgroupmember(u1->cr_rgid, u2))
-			return (0);
+	if (see_other_gids)
+		return (0);
 
-		for (int i = 0; i < u1->cr_ngroups; i++)
-			if (realgroupmember(u1->cr_groups[i], u2))
-				return (0);
+	/* Restriction in force. */
 
-		if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0)
-			return (ESRCH);
-	}
+	if (realgroupmember(u1->cr_rgid, u2))
+		return (0);
 
-	return (0);
+	for (int i = 0; i < u1->cr_ngroups; i++)
+		if (realgroupmember(u1->cr_groups[i], u2))
+			return (0);
+
+	if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) == 0)
+		return (0);
+
+	return (ESRCH);
 }
 
 /*

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202509231203.58NC3bHs008582>