Re: kern/55675: ZFS mounts do not work with setuid programs

["J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>]

The following reply was made to PR kern/55675; it has been noted by GNATS.

From: "J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: 
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 17:18:56 +0200

 --Apple-Mail=_FD5C4126-8716-413F-A118-289775FC30E0
 Content-Type: multipart/mixed;
 	boundary="Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E"
 
 
 --Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain;
 	charset=us-ascii
 
 The attached diff should fix it -- please give it a try.
 
 --
 J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig
 
 
 --Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E
 Content-Disposition: attachment;
 	filename=005_groupmember.diff
 Content-Type: application/octet-stream;
 	x-unix-mode=0644;
 	name="005_groupmember.diff"
 Content-Transfer-Encoding: 7bit
 
 groupmember
 
 Stub groupmember() has to test both group list and current group id.
 
 Should fix kern/55675: ZFS mounts do not work with setuid programs
 
 diff -r 24849a7159a2 -r 46d585baea20 external/cddl/osnet/sys/sys/cred.h
 --- external/cddl/osnet/sys/sys/cred.h
 +++ external/cddl/osnet/sys/sys/cred.h
 @@ -70,10 +70,12 @@ extern kauth_cred_t	cred0;
  static __inline int
  groupmember(gid_t gid, cred_t *cr) 
  {
 -	int result;
 +	int result, error;
  
 -	kauth_cred_ismember_gid(cr, gid, &result);
 -	return result;
 +	error = kauth_cred_ismember_gid(cr, gid, &result);
 +	if (error)
 +		return 0;
 +	return (kauth_cred_getegid(cr) == gid || result);
  }
  
  #endif	/* _KERNEL */
 
 --Apple-Mail=_B35E756D-EA11-4561-B405-B28CD43E702E--
 
 --Apple-Mail=_FD5C4126-8716-413F-A118-289775FC30E0
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename=signature.asc
 Content-Type: application/pgp-signature;
 	name=signature.asc
 Content-Description: Message signed with OpenPGP
 
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAEBCAAdFiEE2BL3ha7Xao4WUZVYKoaVJdNr+uEFAl+DImAACgkQKoaVJdNr
 +uHWgQf/QUVUBgLrj9KxITjfvbZJHbA1Ed0dgPLDEOtoHtkjnvxFHmbPOQZmaczy
 +/T4oGi8ksFov5Z2FFP/DZvVa0Vfui2M7z58QFe+nhNq62gpld2xHdgqfL/rCQhC
 wclQGUEj2NsZEf/Zh4Fz45v4IkI1OnxA3UUx2IEx22y6G1h4MNBgyNdZh3qKaVfg
 zbNsBSDwvz2FGZOhIJ/MI+sefmC3WMC6P7EFKysU9DhQs1YJxUx3OxxYraPl78KV
 7QzZTl6y7fK47dbHK4pGL+ax+z2K2+tKla4pSWaXdVdDKuF1QZIr6QEgQw7lNzkx
 EuNnMqadgX4frXr2tNHZUmkonO7MTQ==
 =kcVi
 -----END PGP SIGNATURE-----
 
 --Apple-Mail=_FD5C4126-8716-413F-A118-289775FC30E0--