From 0582e0fefb12d5b783c84b58cd0bf0242516af50 Mon Sep 17 00:00:00 2001
From: mckusick
Date: Tue, 6 Feb 2018 19:09:49 +0000
Subject: [PATCH] MFC of 328304 and 328382. Do not dedup egid (group entry 0)
git-svn-id: svn://svn.freebsd.org/base/stable/10@328943 ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f
---
 lib/libc/gen/getgrent.c | 2 +-
 lib/libc/sys/setgroups.2 | 19 ++++++++++++++++++-
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/lib/libc/gen/getgrent.c b/lib/libc/gen/getgrent.c
index cc4a235f9..f660e48cf 100644
--- a/lib/libc/gen/getgrent.c
+++ b/lib/libc/gen/getgrent.c
@@ -433,7 +433,7 @@ gr_addgid(gid_t gid, gid_t *groups, int maxgrp, int *grpcnt)
 {
 int ret, dupc;
 
- for (dupc = 0; dupc < MIN(maxgrp, *grpcnt); dupc++) {
+ for (dupc = 1; dupc < MIN(maxgrp, *grpcnt); dupc++) {
 if (groups[dupc] == gid)
 return 1;
 }
diff --git a/lib/libc/sys/setgroups.2 b/lib/libc/sys/setgroups.2
index ef4c34c26..2b20e7f14 100644
--- a/lib/libc/sys/setgroups.2
+++ b/lib/libc/sys/setgroups.2
@@ -28,7 +28,7 @@
 .\" @(#)setgroups.2 8.2 (Berkeley) 4/16/94
 .\" $FreeBSD$
 .\"
-.Dd April 16, 1994
+.Dd January 19, 2018
 .Dt SETGROUPS 2
 .Os
 .Sh NAME
@@ -56,6 +56,23 @@ more than
 .Dv {NGROUPS_MAX}+1 .
 .Pp
 Only the super-user may set a new group list.
+.Pp
+The first entry of the group array
+.Pq Va gidset[0]
+is used as the effective group-ID for the process.
+This entry is over-written when a setgid program is run.
+To avoid losing access to the privileges of the
+.Va gidset[0]
+entry, it should be duplicated later in the group array.
+By convention,
+this happens because the group value indicated
+in the password file also appears in
+.Pa /etc/group .
+The group value in the password file is placed in
+.Va gidset[0]
+and that value then gets added a second time when the
+.Pa /etc/group
+file is scanned to create the group set.
 .Sh RETURN VALUES
 .Rv -std setgroups
 .Sh ERRORS
-- 
2.42.0
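Review bot: The new start index `dupc = 1` in gr_addgid's duplicate scan has no comment saying why slot 0 is exempt, so the loop reads like an off-by-one and is easy to "correct" back to 0, which would again stop the primary gid from being stored a second time and leave no copy of it once a setgid exec replaces `groups[0]`. I would add above the loop: `/* groups[0] is the egid and is replaced on setgid exec; let the same gid be added again later in the list. */`. Because the list can now hold one more entry than before for the same memberships, it is worth confirming that callers sizing `groups` by `maxgrp` still behave as intended when the list is full. The rest of gr_addgid, including whatever it does when `*grpcnt` reaches `maxgrp`, lies outside this hunk.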