#1 setgid() may restrict directory access

closed-fixed
None
5
2008-07-17
2008-07-15
Anonymous
No

In a file system where the user's access to the files is dependent on being part of a specific group, setting the group id using setgid() does not allow the user to access the files if the default group is used.

For example, if a user is a member of three groups, users (513), sokl(10001), and ukjd(10002), if a certain path is set to grant access to group sokl and the gid is set to 513, then distmake processes do not have access to those files.

I have modified the code in bldserver.c to use initgroups rather than setgid() and that seems to have fixed the problem. The diff is attached.

Hope this is helpful.

Sean
--
sdavis2@mail.nih.gov
--

Discussion

  • diff between fix and old

     
    Attachments
  • Logged In: YES
    user_id=1399516
    Originator: NO

    Thanks for your bug report and associated patch.
    I have committed to fix to CVS.

     
    • assigned_to: nobody --> christophe_lyon
    • status: open --> closed-fixed