The branch main has been updated by olce:
URL:
https://cgit.FreeBSD.org/src/commit/?id=d9e11f01ef076749e58614c03168e89f161dd978
commit d9e11f01ef076749e58614c03168e89f161dd978
Author: Olivier Certner <o...@freebsd.org>
AuthorDate: 2025-08-26 10:05:15 +0000
Commit: Olivier Certner <o...@freebsd.org>
CommitDate: 2025-09-09 15:56:47 +0000
hwt: On attach, ensure owner is a target effective GID's member
This restores a check that existed prior to commit be1f7435ef218b1d
("kern: start tracking cr_gid outside of cr_groups[]").
Fixes: be1f7435ef218b1d ("kern: start tracking cr_gid outside of
cr_groups[]")
MFC after: 9 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D52253
---
sys/dev/hwt/hwt_ioctl.c | 9 ++++-----
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/sys/dev/hwt/hwt_ioctl.c b/sys/dev/hwt/hwt_ioctl.c
index 592db4931bb4..184c7e72f986 100644
--- a/sys/dev/hwt/hwt_ioctl.c
+++ b/sys/dev/hwt/hwt_ioctl.c
@@ -112,12 +112,11 @@ hwt_priv_check(struct proc *o, struct proc *t)
error = EPERM;
goto done;
}
-
- /* Check the read and saved GIDs too. */
- if (!groupmember(tc->cr_rgid, oc) ||
+ if (!groupmember(tc->cr_gid, oc) ||
+ !groupmember(tc->cr_rgid, oc) ||
!groupmember(tc->cr_svgid, oc)) {
- error = EPERM;
- goto done;
+ error = EPERM;
+ goto done;
}
done:
