mirror of
https://github.com/opnsense/src.git
synced 2026-06-08 16:22:46 -04:00
7b20967a1a
This fixes several bugs where some 'struct ucred' in the kernel,
constructed from user input (via nmount(2)) or obtained from other
servers (e.g., gssd(8)), could have an unfilled 'cr_groups' field and
whose 'cr_groups[0]' (or 'cr_gid', which is an alias) was later
accessed, causing an uninitialized access giving random access rights.
Use crsetgroups_fallback() to enforce a fallback group when possible.
For NFS, the chosen fallback group is that of the NFS server in the
current VNET (NFSD_VNET(nfsrv_defaultgid)).
There does not seem to be any sensible fallback available in rpc code
(sys/rpc/svc_auth.c, svc_getcred()) on AUTH_UNIX (TLS or not), so just
fail credential retrieval there. Stock NSS sources, rpc.tlsservd(8) or
rpc.tlsclntd(8) provide non-empty group lists, so will not be impacted.
Discussed with: rmacklem (by mail)
Approved by: markj (mentor)
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D46918
(cherry picked from commit
|
||
|---|---|---|
| .. | ||
| rpcsec_gss.c | ||
| rpcsec_gss_conf.c | ||
| rpcsec_gss_int.h | ||
| rpcsec_gss_misc.c | ||
| rpcsec_gss_prot.c | ||
| svc_rpcsec_gss.c | ||