git: 91658080f1a5 - main - cr_canseeothergids(): Use real instead of effective group membership

From: Mitchell Horne <mhorne_at_FreeBSD.org>
Date: Thu, 28 Sep 2023 15:10:51 UTC
The branch main has been updated by mhorne:

URL: https://cgit.FreeBSD.org/src/commit/?id=91658080f1a598ddda03943a783c9a941199f7d2

commit 91658080f1a598ddda03943a783c9a941199f7d2
Author:     Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:45 +0000
Commit:     Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-09-28 15:05:46 +0000

    cr_canseeothergids(): Use real instead of effective group membership
    
    Using the effective group and not the real one when testing membership
    has the consequence that unprivileged processes cannot see setuid
    commands they launch until these have relinquished their privileges.
    This is also in contradiction with how the similar cr_canseeotheruids()
    works, i.e., by taking into account real user IDs.
    
    Fix this by substituting groupmember() with realgroupmember().  While
    here, simplify the code.
    
    PR:                     272093
    Reviewed by:            mhorne
    MFC after:              2 weeks
    Sponsored by:           Kumacom SAS
    Differential Revision:  https://reviews.freebsd.org/D40642
---
 sys/kern/kern_prot.c | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c
index b62a5e9ee20b..0f15771fb00d 100644
--- a/sys/kern/kern_prot.c
+++ b/sys/kern/kern_prot.c
@@ -1408,21 +1408,18 @@ SYSCTL_INT(_security_bsd, OID_AUTO, see_other_gids, CTLFLAG_RW,
 static int
 cr_canseeothergids(struct ucred *u1, struct ucred *u2)
 {
-	int i, match;
-
 	if (!see_other_gids) {
-		match = 0;
-		for (i = 0; i < u1->cr_ngroups; i++) {
-			if (groupmember(u1->cr_groups[i], u2))
-				match = 1;
-			if (match)
-				break;
-		}
-		if (!match) {
-			if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0)
-				return (ESRCH);
-		}
+		if (realgroupmember(u1->cr_rgid, u2))
+			return (0);
+
+		for (int i = 1; i < u1->cr_ngroups; i++)
+			if (realgroupmember(u1->cr_groups[i], u2))
+				return (0);
+
+		if (priv_check_cred(u1, PRIV_SEEOTHERGIDS) != 0)
+			return (ESRCH);
 	}
+
 	return (0);
 }