base: do a sweep of setgroups() that mean to clear the supplementaries

In the future, this will be beneficial as we move the egid out of the
groups list; there's no need to track the egid explicitly in our
supplemental groups, and doing so could become a security issue if
setgid() would not end up switching groups[0] as it does today and
we end up wanting to change our egid.

The rwhod diff is a little gratuitious, but I like patterns and
setgroups() -> setgid() -> setuid() is a lot more common than
setgid() -> setgroups() -> setuid().

This sweep is not exhaustive and intentionally did not include
contrib/, crypto/ or tools/.

Reviewed by:	olce
Differential Revision:	https://reviews.freebsd.org/D51510
This commit is contained in:
Kyle Evans 2025-07-26 01:11:58 -05:00
parent 48fd05999b
commit 1286fd8ecc
5 changed files with 8 additions and 8 deletions


@ -539,7 +539,7 @@ main(int argc, char *argv[])
setproctitle("%s", ifi->name);
/* setgroups(2) is not permitted in capability mode. */
if (setgroups(1, &pw->pw_gid) != 0)
if (setgroups(0, NULL) != 0)
error("can't restrict groups: %m");
if (caph_enter_casper() < 0)
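Review bot: With `setgroups(0, NULL)` this call no longer installs pw->pw_gid anywhere, so the process's gid must come from a separate setgid()/setresgid() call that is not visible in this hunk (main() continues outside it); it is worth confirming that call exists and runs before the uid is dropped. The comment on the preceding line only explains why setgroups(2) has to happen before capability mode, not what the call is now meant to do; extending it would spare the next reader a trip to the commit log, e.g. `/* setgroups(2) is not permitted in capability mode; clear all supplementary groups here, the gid/uid switch is done separately. */`.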


@ -246,12 +246,12 @@ main(int argc, char *argv[])
syslog(LOG_ERR, "bind: %m");
exit(1);
}
if (setgid(unpriv_gid) != 0) {
syslog(LOG_ERR, "setgid: %m");
if (setgroups(0, NULL) != 0) {
syslog(LOG_ERR, "setgroups: %m");
exit(1);
}
if (setgroups(1, &unpriv_gid) != 0) { /* XXX BOGUS groups[0] = egid */
syslog(LOG_ERR, "setgroups: %m");
if (setgid(unpriv_gid) != 0) {
syslog(LOG_ERR, "setgid: %m");
exit(1);
}
if (setuid(unpriv_uid) != 0) {
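Review bot: The new order setgroups(2) → setgid(2) → setuid(2) is the right one, but nothing in the code says it is load-bearing: setgroups(2) and a setgid(2) to an arbitrary group need the privilege that setuid(2) gives up, so a later reorder would only surface as a runtime syslog/exit rather than at review. A one-line comment above the setgroups() call would pin it, e.g. `/* Order matters: setgroups(2) and setgid(2) need the privilege that setuid(2) drops. */`. The three identical syslog-then-exit stanzas could share a small helper, but that is cosmetic. main() continues outside the hunk.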


@ -385,7 +385,7 @@ ldapclient(int pipe_main2client[2])
ypldap_process = PROC_CLIENT;
#ifndef DEBUG
if (setgroups(1, &pw->pw_gid) ||
if (setgroups(0, NULL) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("cannot drop privileges");
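Review bot: The `setgroups(0, NULL) || setresgid(...) || setresuid(...)` chain now appears verbatim in three places (this hunk, the one ending at L74 and the one ending at L84) with the failure message already drifting between them ("cannot" vs "can't"), and the ordering is undocumented even though setgroups(2) has to run while the process still holds the privilege that setresuid(2) gives up. A single helper carrying the rationale once would keep the sites in step; the three sites look like separate files, so it would need a declaration in a shared header (or the comment below repeated at each site if a helper is not wanted). Note also that here and in the hunk ending at L74 the whole drop is compiled out under `#ifndef DEBUG`, so DEBUG builds keep the caller's privileges — pre-existing, but worth a comment on the guard saying so. The enclosing functions continue outside the hunks.
```c
/*
 * Drop to the unprivileged user.  Order matters: setgroups(2) needs the
 * privilege that setresuid(2) gives up, so the supplementary groups are
 * cleared first, then the gid, then the uid.
 */
void
drop_privs(const struct passwd *pw)
{
	if (setgroups(0, NULL) ||
	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
		fatal("cannot drop privileges");
}
```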


@ -602,7 +602,7 @@ main(int argc, char *argv[])
fatal("getpwnam");
#ifndef DEBUG
if (setgroups(1, &pw->pw_gid) ||
if (setgroups(0, NULL) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("cannot drop privileges");


@ -91,7 +91,7 @@ ypldap_dns(int pipe_ntp[2], struct passwd *pw)
setproctitle("dns engine");
close(pipe_ntp[0]);
if (setgroups(1, &pw->pw_gid) ||
if (setgroups(0, NULL) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
fatal("can't drop privileges");