From 032a549481444395558286b433296c97c09c721d Mon Sep 17 00:00:00 2001
From: Jim Meyering
Date: Fri, 27 Apr 2012 13:28:32 +0200
Subject: id,groups: with no user name, print only real and/or effective IDs,

... i.e., don't use the getpw* functions.
Before this change, running groups or id with no user name argument
would include a group name or ID from /etc/passwd. Thus, under unusual
circumstances (default group is changed, but has not taken effect for
a given session), those programs could print a name or ID that is
neither real nor effective.

To demonstrate, run this:

  echo 'for i in 1 2; do id -G; sleep 1.5; done' \
    |su -s /bin/sh ftp - &
  sleep 1; perl -pi -e 's/^(ftp:x:\d+):(\d+)/$1:9876/' /etc/passwd

Those id -G commands printed the following:

  50
  50 9876

With this change, they print this:

  50
  50

Similarly, running those programs set-GID could make them print
one ID too many.

* src/group-list.c (print_group_list): When username is NULL, pass
egid, not getpwuid(ruid)->pw_gid), to xgetgroups, per the API
requirements of xgetgroups callee, mgetgroups.
When not using the password database, don't call getpwuid.
* NEWS (Bug fixes): Mention it.
* tests/misc/id-setgid: New file.
* tests/Makefile.am (TESTS): Add it.
(root_tests): It's a root-only test, so add it here, too.
Originally reported by Brynnen Owen as http://bugs.gnu.org/7320.
Raised again by Marc Mengel in http://bugzilla.redhat.com/816708.
---
 tests/Makefile.am | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'tests/Makefile.am')

diff --git a/tests/Makefile.am b/tests/Makefile.am index ce2366b58..72717e318 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -36,6 +36,7 @@ root_tests = \ ls/nameless-uid \ misc/chcon \ misc/chroot-credentials \ + misc/id-setgid \ misc/selinux \ misc/truncate-owned-by-other \ mkdir/writable-under-readonly \
@@ -198,6 +199,7 @@ TESTS = \ misc/head-pos \ misc/id-context \ misc/id-groups \ + misc/id-setgid \ misc/md5sum \ misc/md5sum-bsd \ misc/md5sum-newline \ -- cgit v1.2.3-54-g00ecf
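Review bot: in the root_tests hunk (@@ -36,6 +36,7 @@), misc/id-setgid is the only test registered for this fix, and its name points at the set-GID case alone. The scenario the commit message leads with, a default group changed in /etc/passwd that has not yet taken effect for the session, has no corresponding entry in this list. If rewriting the password database from a test is considered too invasive, a sentence in the commit message or a comment in the new test saying so would make the gap a documented decision.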
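Review bot: in the TESTS hunk (@@ -198,6 +199,7 @@), the added "misc/id-setgid \" entry means the script is also picked up by an unprivileged test run, so it has to skip itself, not fail, when it is not run as root. The script is outside this view (limited to 'tests/Makefile.am'), so please confirm it starts with the same root check the other root_tests entries rely on. The placement between misc/id-groups and misc/md5sum keeps the list sorted.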