Return to BSD News archive
Path: sserve!euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!yarrina.connect.com.au!classic.iinet.com.au!news.uoregon.edu!gatech!news.sprintlink.net!in2.uu.net!vanbc.wimsey.com!cynic.portal.ca!curt
From: curt@cynic.portal.ca (Curt Sampson)
Newsgroups: comp.unix.bsd.misc
Subject: Re: Bug in setgroups() (FreeBSD, maybe NET/BSDI/4.4)
Date: 12 Aug 1995 17:26:52 GMT
Organization: Internet Portal Services, Ltd.
Lines: 43
Message-ID: <40io8s$nvh@wolfe.wimsey.com>
References: <DD28DH.997@reptiles.org>
NNTP-Posting-Host: cynic.portal.ca
In article <DD28DH.997@reptiles.org>, Jim Mercer <jim@reptiles.org> wrote:
>if setgroups() is called with numgrps = 0, FreeBSD (at least) will delete
>the current processes group associations, all of them including the
>default login group.
NetBSD returns EINVAL if you pass 0 groups to setgroups:
/* from NetBSD 1.0 sys/kern/kern_prot.c */
ngrp = uap->gidsetsize;
if (ngrp < 1 || ngrp > NGROUPS)
return (EINVAL);
The 4.4BSD-Lite doesn't:
/* from 4.4BSD-Lite sys/kern/kern_prot.c */
if ((ngrp = uap->gidsetsize) > NGROUPS)
return (EINVAL);
I notice that, under NetBSD, the real group ID of the user (given
in the fourth field of the /etc/passwd file) is returned in gidset[0].
If the user is also in that group in /etc/groups, that same group
number is also in the following group access list. It appears that
gidset[0] is the real group ID, though I can't find any documentation
documentation of this behaviour, nor any supported way to retrieve
just the real group ID.
According to the 4.4BSD-Lite intro(2) manual page, "Each user is...a
member of one or more groups," and "All processes have a...real
group ID." The page distinguishes between the real group ID, and the
group access list.
It strikes me, then, that the behaviour of the NetBSD call is
correct: you may not let a process remove itself from all groups.
The ability to do this is a bug in 4.4BSD-Lite that has been passed
in to FreeBSD.
cjs
--
Curt Sampson curt@portal.ca Info at http://www.portal.ca/
Internet Portal Services, Inc.
Vancouver, BC (604) 257-9400 De gustibus, aut bene aut nihil.