Date: Thu, 21 Mar 2002 19:02:35 -0800 (PST) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 8190 for review Message-ID: <200203220302.g2M32Zf96756@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=8190 Change 8190 by rwatson@rwatson_paprika on 2002/03/21 19:02:02 When matching a specific gid for the 'specificgid' exception, match with any gid of the subject group set as well as its real gid, not just the real gid. This way, if you set the magic gid to be an 'admins' group, it doesn't have to be their primary group. Affected files ... ... //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#2 edit Differences ... ==== //depot/projects/trustedbsd/mac/sys/security/mac_seeotheruids/mac_seeotheruids.c#2 (text+ko) ==== @@ -91,7 +91,7 @@ static int specificgid_enabled = 0; SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, specificgid_enabled, CTLFLAG_RW, &specificgid_enabled, 0, "Make an exception for credentials " - "with a specific gid as their real primary group id"); + "with a specific gid as their real primary group id or group set"); static gid_t specificgid = 0; SYSCTL_INT(_security_mac_seeotheruids, OID_AUTO, specificgid, CTLFLAG_RW, @@ -110,7 +110,7 @@ } if (specificgid_enabled) { - if (u1->cr_rgid == specificgid) + if (u1->cr_rgid == specificgid || groupmember(specificgid, u1)) return (0); } To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200203220302.g2M32Zf96756>