mirror of
git://git.sv.gnu.org/coreutils.git
synced 2026-04-12 15:06:44 +02:00
... i.e., don't use the getpw* functions.
Before this change, running groups or id with no user name argument
would include a group name or ID from /etc/passwd. Thus, under unusual
circumstances (default group is changed, but has not taken effect for a
given session), those programs could print a name or ID that is neither
real nor effective.
To demonstrate, run this:
  echo 'for i in 1 2; do id -G; sleep 1.5; done' \
      |su -s /bin/sh ftp - &
  sleep 1; perl -pi -e 's/^(ftp:x:\d+):(\d+)/$1:9876/' /etc/passwd
Those id -G commands printed the following:
50
50 9876
With this change, they print this:
50
50
Similarly, running those programs set-GID could make them
print one ID too many.
* src/group-list.c (print_group_list): When username is NULL, pass
egid, not getpwuid(ruid)->pw_gid), to xgetgroups, per the API
requirements of xgetgroups callee, mgetgroups.
When not using the password database, don't call getpwuid.
* NEWS (Bug fixes): Mention it.
* tests/misc/id-setgid: New file.
* tests/Makefile.am (TESTS): Add it.
(root_tests): It's a root-only test, so add it here, too.
Originally reported by Brynnen Owen as http://bugs.gnu.org/7320.
Raised again by Marc Mengel in http://bugzilla.redhat.com/816708.
35 lines
1.1 KiB
Bash
Executable File
#!/bin/sh
# Verify that id -G prints the right group when run set-GID.

# Copyright (C) 2012 Free Software Foundation, Inc.

# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.

# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.

# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.

. "${srcdir=.}/init.sh"; path_prepend_ ../src
print_ver_ id
require_root_

g=$(id -u $NON_ROOT_USERNAME) || framework_failure_

# Construct a different group number.
gp1=$(expr $g + 1)

echo $gp1 > exp || framework_failure_

setuidgid -g $gp1 $NON_ROOT_USERNAME env PATH="$PATH" id -G > out || fail=1
compare exp out || fail=1
# With coreutils-8.16 and earlier, id -G would print both: $gp1 $g

Exit $fail