Subject: Re: CVS commit: src/sys
To: Bill Stouder-Studenmund <wrstuden@netbsd.org>
From: David Laight <david@l8s.co.uk>
List: tech-security
Date: 06/24/2007 20:43:30
On Sun, Jun 24, 2007 at 11:30:10AM -0700, Bill Stouder-Studenmund wrote:
>
> Setting groups:
How about:
@@ -131,6 +131,28 @@ kauth_cred_alloc(void)
return (cred);
}
+kauth_cred_t
+kauth_cred_alloc1(int ngroups, gid_t **grbuf)
+{
+ kauth_cred_t cred;
+
+ if (ngroups < 0 || ngroups > NGROUPS)
+ return NULL;
+
+ cred = kauth_cred_alloc();
+ cred->cr_ngroups = ngroups;
+ if (grbuf != NULL)
+ *grbuf = cred->cr_groups;
+
+ return cred;
+}
+
+void
+kauth_cred_alloc_finalise_grouplist(kauth_cred_t cred)
+{
+ KASSERT(cred->cr_refcnt == 1);
+}
+
@@ -567,19 +567,17 @@ sys_setgroups(struct lwp *l, void *v, re
int error;
gid_t *grbuf;
- ncred = kauth_cred_alloc();
+ ncred = kauth_cred_alloc1(SCARG(uap, gidsetsize), &grbuf);
+ if (ncred == NULL)
+ return EINVAL;
- grbuf = kauth_cred_setngroups(ncred, SCARG(uap, gidsetsize));
- if (grbuf == NULL)
- error = EINVAL;
- else {
- error = copyin(SCARG(uap, gidset), grbuf,
- SCARG(uap, gidsetsize) * sizeof(gid_t));
- }
+ error = copyin(SCARG(uap, gidset), grbuf,
+ SCARG(uap, gidsetsize) * sizeof(gid_t));
if (error != 0) {
kauth_cred_free(ncred);
return error;
}
+ kauth_cred_alloc_finalise_grouplist(ncred);
return kauth_proc_setgroups(l, ncred);
}
David
--
David Laight: david@l8s.co.uk