From: David Rhodus Date: Mon, 26 Jul 2004 19:48:31 +0000 (+0000) Subject: POSIX.1-2003: Changing the group ID is permitted to a process with an X-Git-Tag: v2.0.1~10671 X-Git-Url: https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff_plain/a10e3626dca4b8bdf3e9a2100e0911c31dfa5024 POSIX.1-2003: Changing the group ID is permitted to a process with an effective user ID of file, but without appropriate privileges, if and only if owner is equal to the file's user ID or (uid_t)-1 and group is equal either to the calling process effective group ID or to one of its supplementary group IDs. --- diff --git a/sys/vfs/ufs/ufs_vnops.c b/sys/vfs/ufs/ufs_vnops.c index 78f73e380a..64e0431e32 100644 --- a/sys/vfs/ufs/ufs_vnops.c +++ b/sys/vfs/ufs/ufs_vnops.c @@ -37,7 +37,7 @@ * * @(#)ufs_vnops.c 8.27 (Berkeley) 5/27/95 * $FreeBSD: src/sys/ufs/ufs/ufs_vnops.c,v 1.131.2.8 2003/01/02 17:26:19 bde Exp $ - * $DragonFly: src/sys/vfs/ufs/ufs_vnops.c,v 1.14 2004/07/18 19:43:48 drhodus Exp $ + * $DragonFly: src/sys/vfs/ufs/ufs_vnops.c,v 1.15 2004/07/26 19:48:31 drhodus Exp $ */ #include "opt_quota.h" @@ -579,7 +579,8 @@ ufs_chown(struct vnode *vp, uid_t uid, gid_t gid, struct ucred *cred, * the caller must be superuser or the call fails. */ if ((cred->cr_uid != ip->i_uid || uid != ip->i_uid || - (gid != ip->i_gid && !groupmember((gid_t)gid, cred))) && + (gid != ip->i_gid && !(cred->cr_gid == gid || + groupmember((gid_t)gid, cred)))) && (error = suser_cred(cred, PRISON_ROOT))) return (error); ogid = ip->i_gid;