kgess-mirror/freebsd-src
1
0
Fork 0
mirror of https://git.freebsd.org/src.git synced 2026-01-11 19:57:22 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

tftpd: explicitly set egid after dropping supplemental groups

Browse source 
tftpd seems to be the last program in base that implicitly relies on
setgroups() to set the egid.  This is a security landmine in portable
software as most operating systems don't behave this way, so do an
explicit setgid() in case the kernel doesn't set it already.

While we're here, FreeBSD's setgroups() has supported nominally clearing
all supplemental groups since 1997.  It still leaves the egid in our
cr_groups[0] because we don't have an out-of-band way to store the egid,
and on other systems it'll clear the supplemental group entirely as one
would want.

Reviewed by:	allanjude (previous version), des, olce
Differential Revision:	https://reviews.freebsd.org/D51149
This commit is contained in:
Kyle Evans 2025-07-24 09:59:07 -05:00
parent 9792103753
commit 5138a20765
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
libexec/tftpd/tftpd.c
View file

@ -351,10 +351,14 @@ main(int argc, char *argv[])
tftp_log(LOG_ERR, "chdir: %s", strerror(errno));
exit(1);
}
if (setgroups(1, &nobody->pw_gid) != 0) {
if (setgroups(0, NULL) != 0) {
tftp_log(LOG_ERR, "setgroups failed");
exit(1);
}
if (setgid(nobody->pw_gid) != 0) {
tftp_log(LOG_ERR, "setgid failed");
exit(1);
}
if (setuid(nobody->pw_uid) != 0) {
tftp_log(LOG_ERR, "setuid failed");
exit(1);