Summary: | <allow group="foo"> only matches against auxiliary groups, not primary group | ||
---|---|---|---|
Product: | dbus | Reporter: | Sascha Silbe <sascha-web-bugs.freedesktop.org> |
Component: | core | Assignee: | Havoc Pennington <hp> |
Status: | RESOLVED MOVED | QA Contact: | John (J5) Palmieri <johnp> |
Severity: | normal | ||
Priority: | medium | CC: | chengwei.yang.cn, msniko14 |
Version: | 1.5 | Keywords: | patch |
Hardware: | All | ||
OS: | All | ||
Whiteboard: | review? for test | ||
i915 platform: | i915 features: | ||
Attachments: |
[PATCH] policy: check against primary group as well, not just auxiliary groups (fd.o#30938)
Add a manual test for user/group info on Unix |
Description
Sascha Silbe
2010-10-17 09:04:01 UTC
Patch posted on the dbus mailing list: http://lists.freedesktop.org/archives/dbus/2010-October/013635.html Created attachment 39878 [details] [review] [PATCH] policy: check against primary group as well, not just auxiliary groups (fd.o#30938) Attaching the patch to this bug as well now since I didn't get any reply on the mailing list. (In reply to comment #2) > [PATCH] policy: check against primary group as well, not just auxiliary > groups (fd.o#30938) Is this still wrong in 1.6.x? On what operating system? As far as I can see, DBusUserInfo.group_ids is meant to be filled with all the groups (specifically including the primary GID), but fill_user_info() in dbus-sysdeps-unix.c omits the primary GID on the HAVE_GETGROUPLIST code path. I'd prefer to fix it in fill_user_info() rather than working around it elsewhere. Created attachment 84739 [details] [review] Add a manual test for user/group info on Unix --- This seems to work fine for me, on Debian unstable (early development of Debian 8) with Linux 3.10 and glibc 2.17. I get my primary group ID in both primary_gid and group_ids[0], as documented. (In reply to comment #3) > (In reply to comment #2) > > [PATCH] policy: check against primary group as well, not just auxiliary > > groups (fd.o#30938) > > Is this still wrong in 1.6.x? On what operating system? > > As far as I can see, DBusUserInfo.group_ids is meant to be filled with all > the groups (specifically including the primary GID), but fill_user_info() in > dbus-sysdeps-unix.c omits the primary GID on the HAVE_GETGROUPLIST code > path. I'd prefer to fix it in fill_user_info() rather than working around it > elsewhere. I see on the HAVE_GETGROUPLIST code path in fill_user_info() call getgrouplist(3) to fill user group list. Which does return the primary group as well auxiliary groups. (In reply to comment #3) > Is this still wrong in 1.6.x? On what operating system? Please answer, and preferably try the manual test that I attached. -- GitLab Migration Automatic Message -- This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/dbus/dbus/issues/32. |
Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.