RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-31 12:48:10 +00:00
Code Issues Activity Actions

Kernel+LibC: Enforce a limit on the number of supplementary group IDs

Browse source 
This patch adds the NGROUPS_MAX constant and enforces it in
sys$setgroups() to ensure that no process has more than 32 supplementary
group IDs.

The number doesn't mean anything in particular, just had to pick a
number. Perhaps one day we'll have a reason to change it.
This commit is contained in:
Andreas Kling 2022-08-20 22:22:58 +02:00
parent 998c1152ef
commit 9eeee24a39
3 changed files with 15 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
Kernel/Syscalls/setuid.cpp
View file

@ -4,6 +4,7 @@
* SPDX-License-Identifier: BSD-2-Clause
*/
#include <Kernel/API/POSIX/sys/limits.h>
#include <Kernel/Process.h>
namespace Kernel {
@ -246,6 +247,9 @@ ErrorOr<FlatPtr> Process::sys$setgroups(size_t count, Userspace<GroupID const*>
VERIFY_NO_PROCESS_BIG_LOCK(this);
TRY(require_promise(Pledge::id));
if (count > NGROUPS_MAX)
return EINVAL;
auto credentials = this->credentials();
if (!credentials->is_superuser())