[PATCH 1/4] Make sure groups[0] is the effective gid on FreeBSD.

Jeremy Allison jra at samba.org
Fri Jun 8 16:48:14 GMT 2007


On Fri, Jun 08, 2007 at 09:01:44AM -0700, James Peach wrote:
> 
> There are 2 related issues in this patch set. The first is the BSD-style
> changes for setgroups, the second is the Darwin-specific changes to
> the order of credential operations.

If it's Darwin specific then I want it split into a Darwin-specific
change.

> The current code intertwines these two parts in two places,  
> set_sec_ctx() and pop_sec_ctx(). I felt that splitting the credential  
> switch into a separate function made this a lot clearer. There is  
> exactly one place where the credential is switched and the credential  
> switching code is not mixed with the security context stack management  
> code. The result is credential switching code that is easier to read,  
> audit and log.

Sez you. The existing code works, and works well on all
but one class of broken systems (*BSD).

Please do not modify existing working code, just fix
the specific problem. Don't get creative here.

> Yep, I have a tree with a similar patch, but the Darwin initgroups  
> wrapper needs to be passed the UID you are switching to. Additionally,  
> for Darwin the order of operations in the credential switch is  
> important. This means that I can't hide all of this behind  
> sys_setgroups().

That's a Darwin bug (IMHO). Their credentials system is now
non-POSIX and now non-standard.

When are they planning to fix that?

> I would be very happy to split apply_unix_token into a separate Darwin  
> implementation, if you would prefer that better. Perhaps it is poorly  
> named, maybe it should be:
> 
> 	BOOL switch_to_credential(const UNIX_USER_TOKEN *ut)

No, I want the change I asked for - a modified
sys_setgroups that works for *BSD.

If Darwin is broken after that, then let's push for
them to fix their code.

Jeremy.
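
The ordering named in the subject line, as an added example that is not code from this thread or from Samba: a list builder that puts the gid meant to become effective at index 0 before the list is handed to setgroups(). The function name `bsd_order_groups` and the sample gids are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/*
 * Hypothetical helper (not Samba's sys_setgroups): build the array to pass
 * to setgroups() on a system where groups[0] is the effective gid.
 *
 *  - 'primary' is always written to out[0].
 *  - Any copy of 'primary' in the supplementary list is dropped, so it
 *    does not use up a second slot.
 *  - If the result does not fit in 'out_cap' entries the call fails with
 *    -1 rather than silently truncating the group list.
 *
 * Returns the number of entries written to 'out', or -1 on error.
 */
int bsd_order_groups(gid_t primary, const gid_t *in, size_t n_in,
                     gid_t *out, size_t out_cap)
{
    size_t n = 0;

    if (out == NULL || out_cap == 0 || (in == NULL && n_in != 0))
        return -1;

    out[n++] = primary;                 /* slot 0: the effective gid */

    for (size_t i = 0; i < n_in; i++) {
        if (in[i] == primary)
            continue;                   /* already in slot 0 */
        if (n == out_cap)
            return -1;                  /* refuse to drop a group */
        out[n++] = in[i];
    }
    return (int)n;
}

int main(void)
{
    /* Constructed sample: the primary gid 100 arrives mid-list. */
    gid_t supplementary[] = { 20, 100, 50 };
    gid_t ordered[4];
    int n = bsd_order_groups(100, supplementary, 3, ordered, 4);

    for (int i = 0; i < n; i++)
        printf("groups[%d] = %lu\n", i, (unsigned long)ordered[i]);
    return n < 0;
}
```

The caller would pass the returned count and `out` to setgroups(); failing on overflow keeps the process from switching to a credential with fewer groups than the token specified.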

