This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

getgrgid() and setegid()

From: "Pierre A. Humblet" <Pierre dot Humblet at ieee dot org>
To: cygwin-patches at cygwin dot com
Date: Sun, 02 Jun 2002 19:40:17 -0400
Subject: getgrgid() and setegid()

Corinna.

This is not related to your group 32 changes, they are fine.

getgrgid32 (gid) returns the default grp if the gid does not
exist and allow_ntsec is FALSE. As a result, calling setegid()
with a non-existent gid can put a user in the admins group
when allow_ntsec is FALSE.

If you think it's undesirable, apply the following patch.

Pierre

P.S.: There was an earlier patch on 2002-01-21 to take care of the 
same problem when ntsec is on. With the recent changes, it also 
occurs when ntsec is off...

2002-05-30  Pierre Humblet <pierre.humblet@ieee.org>

	syscalls.cc (setegid32): Verify the correctness of the gid 
	of the group returned by getgrgid32.

--- syscalls.cc.orig    2002-05-30 18:15:24.000000000 -0400
+++ syscalls.cc 2002-05-30 18:50:32.000000000 -0400
@@ -2169,7 +2169,8 @@
   cygsid gsid;
   HANDLE ptok;
 
-  if (!(gsid.getfromgr (getgrgid32 (gid))))
+  struct __group32 * gr = getgrgid32 (gid);
+  if (!gr || gr->gr_gid != gid || !gsid.getfromgr (gr))
     {
       set_errno (EINVAL);
       return -1;

Follow-Ups:
- Re: getgrgid() and setegid()
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]