Re: kern/55675: ZFS mounts do not work with setuid programs

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,roy%marples.name@localhost
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
From: Christos Zoulas <christos%zoulas.com@localhost>
Date: Sun, 11 Oct 2020 17:25:01 +0000 (UTC)

The following reply was made to PR kern/55675; it has been noted by GNATS.

From: Christos Zoulas <christos%zoulas.com@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc: kern-bug-people%netbsd.org@localhost,
 gnats-admin%netbsd.org@localhost,
 netbsd-bugs%netbsd.org@localhost,
 roy%marples.name@localhost
Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
Date: Sun, 11 Oct 2020 13:23:42 -0400

 --Apple-Mail=_8E994CCC-E054-4CFE-804E-7858D65B4984
 Content-Transfer-Encoding: quoted-printable
 Content-Type: text/plain;
 	charset=us-ascii
 
 Perhaps expose groupmember in genfs_vnops.c instead of duplicating?
 
 christos
 
 > On Oct 11, 2020, at 11:20 AM, J. Hannken-Illjes =
 <hannken%eis.cs.tu-bs.de@localhost> wrote:
 >=20
 > The following reply was made to PR kern/55675; it has been noted by =
 GNATS.
 >=20
 > From: "J. Hannken-Illjes" <hannken%eis.cs.tu-bs.de@localhost>
 > To: gnats-bugs%netbsd.org@localhost
 > Cc:
 > Subject: Re: kern/55675: ZFS mounts do not work with setuid programs
 > Date: Sun, 11 Oct 2020 17:18:56 +0200
 >=20
 > --Apple-Mail=3D_FD5C4126-8716-413F-A118-289775FC30E0
 > Content-Type: multipart/mixed;
 > 	boundary=3D"Apple-Mail=3D_B35E756D-EA11-4561-B405-B28CD43E702E"
 >=20
 >=20
 > --Apple-Mail=3D_B35E756D-EA11-4561-B405-B28CD43E702E
 > Content-Transfer-Encoding: 7bit
 > Content-Type: text/plain;
 > 	charset=3Dus-ascii
 >=20
 > The attached diff should fix it -- please give it a try.
 >=20
 > --
 > J. Hannken-Illjes - hannken%eis.cs.tu-bs.de@localhost - TU Braunschweig
 >=20
 >=20
 > --Apple-Mail=3D_B35E756D-EA11-4561-B405-B28CD43E702E
 > Content-Disposition: attachment;
 > 	filename=3D005_groupmember.diff
 > Content-Type: application/octet-stream;
 > 	x-unix-mode=3D0644;
 > 	name=3D"005_groupmember.diff"
 > Content-Transfer-Encoding: 7bit
 >=20
 > groupmember
 >=20
 > Stub groupmember() has to test both group list and current group id.
 >=20
 > Should fix kern/55675: ZFS mounts do not work with setuid programs
 >=20
 > diff -r 24849a7159a2 -r 46d585baea20 =
 external/cddl/osnet/sys/sys/cred.h
 > --- external/cddl/osnet/sys/sys/cred.h
 > +++ external/cddl/osnet/sys/sys/cred.h
 > @@ -70,10 +70,12 @@ extern kauth_cred_t	cred0;
 >  static __inline int
 >  groupmember(gid_t gid, cred_t *cr)
 >  {
 > -	int result;
 > +	int result, error;
 >=20
 > -	kauth_cred_ismember_gid(cr, gid, &result);
 > -	return result;
 > +	error =3D kauth_cred_ismember_gid(cr, gid, &result);
 > +	if (error)
 > +		return 0;
 > +	return (kauth_cred_getegid(cr) =3D=3D gid || result);
 >  }
 >=20
 >  #endif	/* _KERNEL */
 >=20
 > --Apple-Mail=3D_B35E756D-EA11-4561-B405-B28CD43E702E--
 >=20
 > --Apple-Mail=3D_FD5C4126-8716-413F-A118-289775FC30E0
 > Content-Transfer-Encoding: 7bit
 > Content-Disposition: attachment;
 > 	filename=3Dsignature.asc
 > Content-Type: application/pgp-signature;
 > 	name=3Dsignature.asc
 > Content-Description: Message signed with OpenPGP
 >=20
 > -----BEGIN PGP SIGNATURE-----
 >=20
 > iQEzBAEBCAAdFiEE2BL3ha7Xao4WUZVYKoaVJdNr+uEFAl+DImAACgkQKoaVJdNr
 > +uHWgQf/QUVUBgLrj9KxITjfvbZJHbA1Ed0dgPLDEOtoHtkjnvxFHmbPOQZmaczy
 > +/T4oGi8ksFov5Z2FFP/DZvVa0Vfui2M7z58QFe+nhNq62gpld2xHdgqfL/rCQhC
 > wclQGUEj2NsZEf/Zh4Fz45v4IkI1OnxA3UUx2IEx22y6G1h4MNBgyNdZh3qKaVfg
 > zbNsBSDwvz2FGZOhIJ/MI+sefmC3WMC6P7EFKysU9DhQs1YJxUx3OxxYraPl78KV
 > 7QzZTl6y7fK47dbHK4pGL+ax+z2K2+tKla4pSWaXdVdDKuF1QZIr6QEgQw7lNzkx
 > EuNnMqadgX4frXr2tNHZUmkonO7MTQ=3D=3D
 > =3DkcVi
 > -----END PGP SIGNATURE-----
 >=20
 > --Apple-Mail=3D_FD5C4126-8716-413F-A118-289775FC30E0--
 >=20
 
 
 --Apple-Mail=_8E994CCC-E054-4CFE-804E-7858D65B4984
 Content-Transfer-Encoding: 7bit
 Content-Disposition: attachment;
 	filename=signature.asc
 Content-Type: application/pgp-signature;
 	name=signature.asc
 Content-Description: Message signed with OpenPGP
 
 -----BEGIN PGP SIGNATURE-----
 Comment: GPGTools - http://gpgtools.org
 
 iF0EARECAB0WIQS+BJlbqPkO0MDBdsRxESqxbLM7OgUCX4M/ngAKCRBxESqxbLM7
 OpIWAJ4mEzBlbqo0KQPUttolIVd5kdQs6wCfXL3dEN7qXhUR4kvCMZZxJJYDAeY=
 =qbrU
 -----END PGP SIGNATURE-----
 
 --Apple-Mail=_8E994CCC-E054-4CFE-804E-7858D65B4984--

Prev by Date: Re: kern/55675: ZFS mounts do not work with setuid programs
Next by Date: Re: kern/55675: ZFS mounts do not work with setuid programs
Previous by Thread: Re: kern/55675: ZFS mounts do not work with setuid programs
Next by Thread: Re: kern/55675: ZFS mounts do not work with setuid programs
Indexes:

Home | Main Index | Thread Index | Old Index