From: Robert Watson
Date: Thu, 21 Mar 2002 19:02:35 -0800 (PST)
Message-Id: <200203220302.g2M32Zf96756@freefall.freebsd.org>
Subject: PERFORCE change 8190 for review
To: Perforce Change Reviews
Sender: owner-p4-projects@FreeBSD.ORG

http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8190

Change 8190 by rwatson@rwatson_paprika on 2002/03/21 19:02:02

When matching a specific gid for the 'specificgid' exception, match with any gid of the subject group set as well as its real gid, not just the real gid. This way, if you set the magic gid to be an 'admins' group, it doesn't have to be their primary group.

Affected files ...

... //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#2 edit

Differences ...

==== //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#2 (text+ko) ====
@@ -91,7 +91,7 @@ static int specificgid_enabled = 0; SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, specificgid_enabled, CTLFLAG_RW, &specificgid_enabled, 0, "Make an exception for credentials " - "with a specific gid as their real primary group id"); + "with a specific gid as their real primary group id or group set"); static gid_t specificgid = 0; SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, specificgid, CTLFLAG_RW, @@ -110,7 +110,7 @@ } if (specificgid_enabled) { - if (u1->cr_rgid == specificgid) + if (u1->cr_rgid == specificgid || groupmember(specificgid, u1)) return (0); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
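Review bot: In the first hunk (@@ -91,7 +91,7 @@), the new sysctl description "with a specific gid as their real primary group id or group set" is ambiguous: it mixes "real" and "primary" and does not say whose group set is meant. Since the check in the second hunk tests cr_rgid and then groupmember(specificgid, u1), wording such as "with a specific gid as their real gid or in their group set" would describe the behaviour an administrator actually gets when turning this knob on.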
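Review bot: In the second hunk (@@ -110,7 +110,7 @@), the widened condition `u1->cr_rgid == specificgid || groupmember(specificgid, u1)` interacts with the default visible in the first hunk's context, `static gid_t specificgid = 0;`. Setting specificgid_enabled without also setting specificgid now exempts every credential that has gid 0 anywhere in its group set, not only those whose real gid is 0. Consider documenting that both sysctls must be set together, or treating an unset specificgid as "no exception". The hunk also does not show which ids groupmember() covers; if it matches the effective gid as well as the supplementary groups, a comment above the `if` should say so, because a credential whose effective gid has changed would then qualify for the exception.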