rpm/coreutils
SHA256
1
0
Fork 0
forked from pool/coreutils
Code Pull Requests Activity
f19e5aa699
coreutils/coreutils-id_show_real_groups.patch

177 lines
6.3 KiB
Diff
Raw Blame History

commit 032a549481444395558286b433296c97c09c721d
Author: Jim Meyering <meyering@redhat.com>
Date: Fri Apr 27 13:28:32 2012 +0200
id,groups: with no user name, print only real and/or effective IDs,
... i.e., don't use the getpw* functions.
Before this change, running groups or id with no user name argument
would include a group name or ID from /etc/passwd. Thus, under unusual
circumstances (default group is changed, but has not taken effect for a
given session), those programs could print a name or ID that is neither
real nor effective.
To demonstrate, run this:
echo 'for i in 1 2; do id -G; sleep 1.5; done' \
|su -s /bin/sh ftp - &
sleep 1; perl -pi -e 's/^(ftp:x:\d+):(\d+)/$1:9876/' /etc/passwd
Those id -G commands printed the following:
50
50 9876
With this change, they print this:
50
50
Similarly, running those programs set-GID could make them
print one ID too many.
* src/group-list.c (print_group_list): When username is NULL, pass
egid, not getpwuid(ruid)->pw_gid), to xgetgroups, per the API
requirements of xgetgroups callee, mgetgroups.
When not using the password database, don't call getpwuid.
* NEWS (Bug fixes): Mention it.
* tests/misc/id-setgid: New file.
* tests/Makefile.am (TESTS): Add it.
(root_tests): It's a root-only test, so add it here, too.
Originally reported by Brynnen Owen as http://bugs.gnu.org/7320.
Raised again by Marc Mengel in http://bugzilla.redhat.com/816708.
Index: NEWS
===================================================================
--- NEWS.orig 2012-03-26 14:06:43.000000000 +0200
+++ NEWS 2012-05-07 14:20:23.431517270 +0200
@@ -1,5 +1,15 @@
GNU coreutils NEWS -*- outline -*-
+** Bug fixes
+
+ id and groups, when invoked with no user name argument, would print
+ the default group ID listed in the password database, and sometimes
+ that ID would be neither real nor effective. For example, when run
+ set-GID, or in a session for which the default group has just been
+ changed, the new group ID would be listed, even though it is not
+ yet effective.
+
+
* Noteworthy changes in release 8.16 (2012-03-26) [stable]
** New features
Index: THANKS.in
===================================================================
--- THANKS.in.orig 2012-03-24 19:22:13.000000000 +0100
+++ THANKS.in 2012-05-07 14:19:38.953620833 +0200
@@ -98,6 +98,7 @@ Brian Silverman bsil
Brian Youmans 3diff@gnu.org
Britton Leo Kerin fsblk@aurora.uaf.edu
Bruce Robertson brucer@theodolite.dyndns.org
+Brynnen Owen owen@illinois.edu
Carl Johnson carlj@cjlinux.home.org
Carl Lowenstein cdl@mpl.UCSD.EDU
Carl Roth roth@urs.us
@@ -355,6 +356,7 @@ Manfred Hollstein manf
Марк Коренберг socketpair@gmail.com
Marc Boucher marc@mbsi.ca
Marc Haber mh+debian-bugs@zugschlus.de
+Marc Mengel mengel@fnal.gov
Marc Lehman schmorp@schmorp.de
Marc Olzheim marcolz@stack.nl
Marco Franzen Marco.Franzen@Thyron.com
Index: src/group-list.c
===================================================================
--- src/group-list.c.orig 2012-02-03 14:16:13.000000000 +0100
+++ src/group-list.c 2012-05-07 14:19:38.953620833 +0200
@@ -38,11 +38,14 @@ print_group_list (const char *username,
bool use_names)
{
bool ok = true;
- struct passwd *pwd;
+ struct passwd *pwd = NULL;
- pwd = getpwuid (ruid);
- if (pwd == NULL)
- ok = false;
+ if (username)
+ {
+ pwd = getpwuid (ruid);
+ if (pwd == NULL)
+ ok = false;
+ }
if (!print_group (rgid, use_names))
ok = false;
@@ -58,8 +61,7 @@ print_group_list (const char *username,
gid_t *groups;
int i;
- int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : (gid_t) -1),
- &groups);
+ int n_groups = xgetgroups (username, (pwd ? pwd->pw_gid : egid), &groups);
if (n_groups < 0)
{
if (username)
Index: tests/Makefile.am
===================================================================
--- tests/Makefile.am.orig 2012-05-07 14:19:38.807624454 +0200
+++ tests/Makefile.am 2012-05-07 14:19:38.953620833 +0200
@@ -36,6 +36,7 @@ root_tests = \
ls/nameless-uid \
misc/chcon \
misc/chroot-credentials \
+ misc/id-setgid \
misc/selinux \
misc/truncate-owned-by-other \
mkdir/writable-under-readonly \
@@ -197,6 +198,7 @@ TESTS = \
misc/head-pos \
misc/id-context \
misc/id-groups \
+ misc/id-setgid \
misc/md5sum \
misc/md5sum-bsd \
misc/md5sum-newline \
Index: tests/misc/id-setgid
===================================================================
--- /dev/null 1970-01-01 00:00:00.000000000 +0000
+++ tests/misc/id-setgid 2012-05-07 14:19:38.953620833 +0200
@@ -0,0 +1,34 @@
+#!/bin/sh
+# Verify that id -G prints the right group when run set-GID.
+
+# Copyright (C) 2012 Free Software Foundation, Inc.
+
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+. "${srcdir=.}/init.sh"; path_prepend_ ../src
+print_ver_ id
+require_root_
+
+g=$(id -u $NON_ROOT_USERNAME) || framework_failure_
+
+# Construct a different group number.
+gp1=$(expr $g + 1)
+
+echo $gp1 > exp || framework_failure_
+
+setuidgid -g $gp1 $NON_ROOT_USERNAME env PATH="$PATH" id -G > out || fail=1
+compare exp out || fail=1
+# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g
+
+Exit $fail
View Git Blame Copy Permalink