mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2025-01-11 17:04:19 +01:00
7937bfbc0c
Previously, the rule validation only checked the primary GID (cr_gid). This caused issues when applying GID-based rules, as users with matching secondary groups were not considered valid. This patch modifies both functions to iterate through all groups in cr_groups to ensure all group memberships are considered when validating GID-based rules. For example, a user's primary group is staff (20) and they are also in the wheel (0) group, this change allows the rule gid=0:any to enable them to run commands as any user. Reviewed by: delphij (earlier version), bapt Differential Revision: https://reviews.freebsd.org/D47304 |
||
|---|---|---|
| .. | ||
| audit | ||
| mac | ||
| mac_biba | ||
| mac_bsdextended | ||
| mac_ddb | ||
| mac_do | ||
| mac_grantbylabel | ||
| mac_ifoff | ||
| mac_ipacl | ||
| mac_lomac | ||
| mac_mls | ||
| mac_none | ||
| mac_ntpd | ||
| mac_partition | ||
| mac_pimd | ||
| mac_portacl | ||
| mac_priority | ||
| mac_seeotheruids | ||
| mac_stub | ||
| mac_test | ||
| mac_veriexec | ||
| mac_veriexec_parser | ||