[Bug 272093] The 'see_other_gids' security policy considers the effective group IDs and not the real ones
Date: Tue, 17 Oct 2023 19:44:04 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=272093
--- Comment #3 from commit-hook@FreeBSD.org ---
A commit in branch stable/14 references this bug:
URL:
https://cgit.FreeBSD.org/src/commit/?id=f482bc958437e90cf8eb3a9e45e92efeb0b2556e
commit f482bc958437e90cf8eb3a9e45e92efeb0b2556e
Author: Olivier Certner <olce.freebsd@certner.fr>
AuthorDate: 2023-08-17 23:54:45 +0000
Commit: Mitchell Horne <mhorne@FreeBSD.org>
CommitDate: 2023-10-17 19:42:59 +0000
cr_canseeothergids(): Use real instead of effective group membership
Using the effective group and not the real one when testing membership
has the consequence that unprivileged processes cannot see setuid
commands they launch until these have relinquished their privileges.
This is also in contradiction with how the similar cr_canseeotheruids()
works, i.e., by taking into account real user IDs.
Fix this by substituting groupmember() with realgroupmember(). While
here, simplify the code.
PR: 272093
Reviewed by: mhorne
MFC after: 2 weeks
Sponsored by: Kumacom SAS
Differential Revision: https://reviews.freebsd.org/D40642
Differential Revision: https://reviews.freebsd.org/D40644
(cherry picked from commit 91658080f1a598ddda03943a783c9a941199f7d2)
(cherry picked from commit 0452dd841336cea7cd979b13ef12b6ea5e992eff)
share/man/man9/cr_bsd_visible.9 | 2 +-
share/man/man9/cr_canseeothergids.9 | 8 ++++----
sys/kern/kern_prot.c | 23 ++++++++++-------------
3 files changed, 15 insertions(+), 18 deletions(-)
--
You are receiving this mail because:
You are the assignee for the bug.