Subject: bin/24021: cvs(1) doesn't work with mode 770 repositories for secondary gids
To: None <gnats-bugs@gnats.netbsd.org>
From: None <gdt@ir.bbn.com>
List: netbsd-bugs
Date: 01/08/2004 10:52:53
>Number:         24021
>Category:       bin
>Synopsis:       cvs(1) doesn't work with mode 770 repositories for secondary gids
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 08 15:53:01 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator:     Greg Troxel
>Release:        NetBSD 1.6.1_STABLE
>Organization:
        Greg Troxel <gdt@ir.bbn.com>
>Environment:
	
	
System: NetBSD fnord.ir.bbn.com 1.6.1_STABLE NetBSD 1.6.1_STABLE (FNORD) #7: Mon Oct 6 15:46:22 EDT 2003 root@fnord.ir.bbn.com:/home/gdt/QUIST-current/netbsd/src/sys/arch/i386/compile/FNORD i386
Architecture: i386
Machine: i386
>Description:
/usr/bin/cvs does not work with repositories that are accessible by a
user only by virtue of a non-primary gid (i.e., mode 770 for the
directories, group 'fooproj', when the user has primary group 'bardept' and 


>How-To-Repeat:
Create a repository, and

find /CVS-REPO-ROOT -type d | xargs chmod 770
find /CVS-REPO-ROOT -type d | xargs chgrp secondary

create a user which has primary group 'primary' and is in group
'secondary', and try to do cvs operations.

>Fix:

Remove -DSETXID_SUPPORT from /usr/src/gnu/usr.bin/cvs/Makefile.inc, or
fix /usr/src/gnu/dist/cvs/src/filesubr.c:isaccessible() to also check
secondary gids near line 255 (of version 1.1.1.2.2.2).  Sorry, no
patch for the latter.

Index: gnu/usr.bin/cvs/Makefile.inc
===================================================================
RCS file: /NETBSD-CVS/src/gnu/usr.bin/cvs/Makefile.inc,v
retrieving revision 1.3.2.1
diff -u -u -r1.3.2.1 Makefile.inc
--- gnu/usr.bin/cvs/Makefile.inc	27 Sep 2003 15:01:45 -0000	1.3.2.1
+++ gnu/usr.bin/cvs/Makefile.inc	8 Jan 2004 15:53:31 -0000
@@ -6,7 +6,7 @@
 
 IDIST=	${.CURDIR}/../../../dist/cvs
 
-CPPFLAGS+= -DSETXID_SUPPORT -DHAVE_CONFIG_H \
+CPPFLAGS+= -DHAVE_CONFIG_H \
 	-I${.CURDIR}/../include -I${IDIST}/lib \
 	-I${IDIST}/diff -I${IDIST}/src
 
>Release-Note:
>Audit-Trail:
>Unformatted: