diff options
| author | Kyle Evans <kevans@FreeBSD.org> | 2025-08-26 22:49:25 +0000 |
|---|---|---|
| committer | Kyle Evans <kevans@FreeBSD.org> | 2025-08-26 22:49:25 +0000 |
| commit | 0d843cc2e2a373f01f90453712c62b6bdcb12298 (patch) | |
| tree | d8a302f7c4ec7616bdc1002319773838728e6bab | |
| parent | 159503125826bc2d3b988921e7e85735ee09ad46 (diff) | |
We had fixed some of the assertions here, but I had overlooked one more
that doesn't make any sense. We could coalesce these two at the end,
but I guess it's good to be sure that getgroups(2) doesn't have some
bug where we'll feed userspace a GID if it makes room for it.
Reported by: S. Ross Gohlke <ross bisd ro>
Fixes: 9da2fe96ff ("kern: fix setgroups(2) and getgroups(2) [...]")
| -rw-r--r-- | sbin/hastd/subr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/sbin/hastd/subr.c b/sbin/hastd/subr.c index 284fb0d07647..add1280e960b 100644 --- a/sbin/hastd/subr.c +++ b/sbin/hastd/subr.c @@ -284,7 +284,7 @@ drop_privs(const struct hast_resource *res) PJDLOG_VERIFY(rgid == pw->pw_gid); PJDLOG_VERIFY(egid == pw->pw_gid); PJDLOG_VERIFY(sgid == pw->pw_gid); - PJDLOG_VERIFY(getgroups(0, NULL) == 1); + PJDLOG_VERIFY(getgroups(0, NULL) == 0); PJDLOG_VERIFY(getgroups(1, gidset) == 0); pjdlog_debug(1, |