diff options
| author | Olivier Certner <olce@FreeBSD.org> | 2025-08-26 10:05:15 +0000 |
|---|---|---|
| committer | Olivier Certner <olce@FreeBSD.org> | 2025-09-09 15:56:47 +0000 |
| commit | d9e11f01ef076749e58614c03168e89f161dd978 (patch) | |
| tree | 4e2772e9580168bf1d89bd470995c7898620bc61 | |
| parent | 1c40b15971f09c0c0676ae476b88b32166eae8ac (diff) | |
hwt: On attach, ensure owner is a target effective GID's member
This restores a check that existed prior to commit be1f7435ef218b1d
("kern: start tracking cr_gid outside of cr_groups[]").
Fixes: be1f7435ef218b1d ("kern: start tracking cr_gid outside of cr_groups[]")
MFC after: 9 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52253
| -rw-r--r-- | sys/dev/hwt/hwt_ioctl.c | 9 |
1 files changed, 4 insertions, 5 deletions
diff --git a/sys/dev/hwt/hwt_ioctl.c b/sys/dev/hwt/hwt_ioctl.c index 592db4931bb4..184c7e72f986 100644 --- a/sys/dev/hwt/hwt_ioctl.c +++ b/sys/dev/hwt/hwt_ioctl.c @@ -112,12 +112,11 @@ hwt_priv_check(struct proc *o, struct proc *t) error = EPERM; goto done; } - - /* Check the read and saved GIDs too. */ - if (!groupmember(tc->cr_rgid, oc) || + if (!groupmember(tc->cr_gid, oc) || + !groupmember(tc->cr_rgid, oc) || !groupmember(tc->cr_svgid, oc)) { - error = EPERM; - goto done; + error = EPERM; + goto done; } done: |