Kernel: Don't include the process GID in the "extra GIDs" table

Process::m_extra_gids is for supplementary GIDs only.
2025-07-25 18:47:34 +00:00 · 2020-01-02 23:45:52 +01:00 · 2020-01-02 23:45:52 +01:00 · fdde5cdf26
commit fdde5cdf26
parent 0958d826d6
3 changed files with 26 additions and 25 deletions
--- a/Kernel/FileSystem/InodeMetadata.h
+++ b/Kernel/FileSystem/InodeMetadata.h
@ -30,35 +30,35 @@ struct InodeMetadata {
    bool may_write(Process&) const;
    bool may_execute(Process&) const;
-    bool may_read(uid_t u, const HashTable<gid_t>& g) const
+    bool may_read(uid_t u, gid_t g, const HashTable<gid_t>& eg) const
    {
        if (u == 0)
            return true;
        if (uid == u)
            return mode & 0400;
-        if (g.contains(gid))
+        if (gid == g || eg.contains(gid))
            return mode & 0040;
        return mode & 0004;
    }
-    bool may_write(uid_t u, const HashTable<gid_t>& g) const
+    bool may_write(uid_t u, gid_t g, const HashTable<gid_t>& eg) const
    {
        if (u == 0)
            return true;
        if (uid == u)
            return mode & 0200;
-        if (g.contains(gid))
+        if (gid == g || eg.contains(gid))
            return mode & 0020;
        return mode & 0002;
    }
-    bool may_execute(uid_t u, const HashTable<gid_t>& g) const
+    bool may_execute(uid_t u, gid_t g, const HashTable<gid_t>& eg) const
    {
        if (u == 0)
            return true;
        if (uid == u)
            return mode & 0100;
-        if (g.contains(gid))
+        if (gid == g || eg.contains(gid))
            return mode & 0010;
        return mode & 0001;
    }
--- a/Kernel/Process.cpp
+++ b/Kernel/Process.cpp
@ -113,7 +113,7 @@ Vector<Process*> Process::all_processes()
 bool Process::in_group(gid_t gid) const
 {
-    return m_gids.contains(gid);
+    return m_gid == gid || m_extra_gids.contains(gid);
 }
 Range Process::allocate_range(VirtualAddress vaddr, size_t size)
@ -530,8 +530,7 @@ pid_t Process::sys$fork(RegisterDump& regs)
            child->m_master_tls_region = &child->m_regions.last();
    }
-    for (auto gid : m_gids)
+    child->m_extra_gids = m_extra_gids;
        child->m_gids.set(gid);
    auto& child_tss = child_first_thread->m_tss;
    child_tss.eax = 0; // fork() returns 0 in the child :^)
@ -605,7 +604,7 @@ int Process::do_exec(String path, Vector<String> arguments, Vector<String> envir
    auto description = result.value();
    auto metadata = description->metadata();
-    if (!metadata.may_execute(m_euid, m_gids))
+    if (!metadata.may_execute(*this))
        return -EACCES;
    if (!metadata.size)
@ -789,7 +788,7 @@ KResultOr<Vector<String>> Process::find_shebang_interpreter_for_executable(const
    auto description = result.value();
    auto metadata = description->metadata();
-    if (!metadata.may_execute(m_euid, m_gids))
+    if (!metadata.may_execute(*this))
        return KResult(-EACCES);
    if (metadata.size < 3)
@ -985,7 +984,7 @@ Process::Process(Thread*& first_thread, const String& name, uid_t uid, gid_t gid
    else
        first_thread = new Thread(*this);
-    m_gids.set(m_gid);
+    //m_gids.set(m_gid);
    if (fork_parent) {
        m_sid = fork_parent->m_sid;
@ -2247,13 +2246,13 @@ int Process::sys$getgroups(ssize_t count, gid_t* gids)
    if (count < 0)
        return -EINVAL;
    if (!count)
-        return m_gids.size();
+        return m_extra_gids.size();
-    if (count != (int)m_gids.size())
+    if (count != (int)m_extra_gids.size())
        return -EINVAL;
-    if (!validate_write_typed(gids, m_gids.size()))
+    if (!validate_write_typed(gids, m_extra_gids.size()))
        return -EFAULT;
    size_t i = 0;
-    for (auto gid : m_gids)
+    for (auto gid : m_extra_gids)
        gids[i++] = gid;
    return 0;
 }
@ -2266,10 +2265,12 @@ int Process::sys$setgroups(ssize_t count, const gid_t* gids)
        return -EPERM;
    if (!validate_read(gids, count))
        return -EFAULT;
-    m_gids.clear();
+    m_extra_gids.clear();
-    m_gids.set(m_gid);
+    for (int i = 0; i < count; ++i) {
-    for (int i = 0; i < count; ++i)
+        if (gids[i] == m_gid)
-        m_gids.set(gids[i]);
+            continue;
        m_extra_gids.set(gids[i]);
    }
    return 0;
 }
--- a/Kernel/Process.h
+++ b/Kernel/Process.h
@ -72,7 +72,7 @@ public:
    pid_t pgid() const { return m_pgid; }
    uid_t uid() const { return m_uid; }
    gid_t gid() const { return m_gid; }
-    const HashTable<gid_t>& gids() const { return m_gids; }
+    const HashTable<gid_t>& extra_gids() const { return m_extra_gids; }
    uid_t euid() const { return m_euid; }
    gid_t egid() const { return m_egid; }
    pid_t ppid() const { return m_ppid; }
@ -381,7 +381,7 @@ private:
    static void notify_waiters(pid_t waitee, int exit_status, int signal);
-    HashTable<gid_t> m_gids;
+    HashTable<gid_t> m_extra_gids;
    int m_next_tid { 0 };
@ -502,17 +502,17 @@ inline void Process::for_each_in_pgrp(pid_t pgid, Callback callback)
 inline bool InodeMetadata::may_read(Process& process) const
 {
-    return may_read(process.euid(), process.gids());
+    return may_read(process.euid(), process.egid(), process.extra_gids());
 }
 inline bool InodeMetadata::may_write(Process& process) const
 {
-    return may_write(process.euid(), process.gids());
+    return may_write(process.euid(), process.egid(), process.extra_gids());
 }
 inline bool InodeMetadata::may_execute(Process& process) const
 {
-    return may_execute(process.euid(), process.gids());
+    return may_execute(process.euid(), process.egid(), process.extra_gids());
 }
 inline int Thread::pid() const