getgrgid() and setegid()

Pierre A. Humblet
Sun Jun 2 16:46:00 GMT 2002


This is not related to your group 32 changes; they are fine.

getgrgid32 (gid) returns the default grp if the gid does not
exist and allow_ntsec is FALSE. As a result, calling setegid()
with a non-existent gid can put a user in the admins group
when allow_ntsec is FALSE.

If you think it's undesirable, apply the following patch.


P.S.: There was an earlier patch on 2002-01-21 to take care of the 
same problem when ntsec is on. With the recent changes, it also 
occurs when ntsec is off...

2002-05-30  Pierre Humblet <> (setegid32): Verify the correctness of the gid 
	of the group returned by getgrgid32.

---    2002-05-30 18:15:24.000000000 -0400
+++ 2002-05-30 18:50:32.000000000 -0400
@@ -2169,7 +2169,8 @@
   cygsid gsid;
   HANDLE ptok;
-  if (!(gsid.getfromgr (getgrgid32 (gid))))
+  struct __group32 * gr = getgrgid32 (gid);
+  if (!gr || gr->gr_gid != gid || !gsid.getfromgr (gr))
       set_errno (EINVAL);
       return -1;
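
Review bot: The gr->gr_gid != gid test on the new if line has no comment, and a comparison against the gid that was just looked up reads as redundant, so a later cleanup could remove it. Add a one-line comment above the if saying that getgrgid32 can return the default group when the gid does not exist and that setegid32 must reject that case, since the reason is currently recorded only in the ChangeLog entry. All three failure conditions also report EINVAL, which is fine for the caller, but a debug trace that separates "no group entry" from "gid mismatch" would make a misconfigured group file easier to diagnose.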

