[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones

Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Reply: bugzilla-noreply_a_freebsd.org: "[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 20 Jun 2023 13:03:19 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272093

            Bug ID: 272093
           Summary: The 'see_other_gids' security policy considers the
                    effective group IDs and not the real ones
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: olivier.freebsd@free.fr

This has the consequence that unprivileged processes cannot see setuid commands
they launch until these have relinquished their privileges.

This is also in contradiction with how the parallel 'see_other_uids' work,
i.e., by taking into account real user IDs.

Fix to be referenced after bug creation.

-- 
You are receiving this mail because:
You are the assignee for the bug.