From 33da011f77ade50ff5b6a6fb4a9a1e6d6b285809 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Tue, 12 Apr 2022 13:51:39 -0700
Subject: [PATCH] unix: check correct group in Faccessat

The Faccessat call checks the user, group, or other permission bits of a
file to see if the calling process can access it. The test to see if the
group permissions should be used was made with the wrong group id, using
the process's group id rather than the file's group id. Fix this to use
the correct group id.

This change only affects Linux versions prior to 5.8. Linux 5.8 added
the faccessat2 system call, which we use in preference to the internal
implementation.

No test since we cannot easily change file permissions when not running
as root and the test is meaningless if running as root.

For golang/go#52313

Change-Id: I6fa64379a50c9380207eab9d095ef7fbd05a2d59
Reviewed-on: https://go-review.googlesource.com/c/sys/+/400074
Run-TryBot: Damien Neil <dneil@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Ian Lance Taylor <iant@google.com>
---
 unix/syscall_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/unix/syscall_linux.go b/unix/syscall_linux.go
index cb03b729..d251dafa 100644
--- a/unix/syscall_linux.go
+++ b/unix/syscall_linux.go
@@ -2189,7 +2189,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 			gid = Getgid()
 		}
 
-		if uint32(gid) == st.Gid || isGroupMember(gid) {
+		if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) {
 			fmode = (st.Mode >> 3) & 7
 		} else {
 			fmode = st.Mode & 7