group_access_list() always adds group 'root'

[LucaFulchir]

Hi, I'm kinda new at rust, but I think I have found a bug in this crate

Basically the function group_access_list should return the list the current available groups for the process
...except it seems to always add the root group

The bug might be here:

    let mut buff: Vec<gid_t> = vec![0; 1024];
[...]
    let res = unsafe {
        libc::getgroups(1024, buff.as_mut_ptr())
    };
[...]
    if res < 0 {...
    else {
        let mut groups = buff.into_iter()

The vector has 1024 elements inside, default 0. Then the libc::getgroups will get, say res = 42 groups
but buff.into_iter() goes through all 1024 elements.

The final groups.dedup_by_key(|i| i.gid()); removes multiple occurrences of the root group.
However, even that is probably kinda wrong since the docs say:

Removes all but the first of consecutive elements in the vector that resolve to the same key

...meaning that the list root,users,root will not get deduped, correct?

I have not checked for similar bugs elsewhere in the codebase

[LucaFulchir]

pub fn get_user_groups seems to have the same problem:

    let res = unsafe {
        libc::getgrouplist(name.as_ptr(), gid, buff.as_mut_ptr(), &mut count)
    };

since count is a value-result ans is not used again, same thing with the dedup, too. I don't think the result of these function has much of any guarantee, so assuming that repeated groups are sequential is probably wrong

[mfindra]

hey, is there CVE assigned for this vulnerability?

[carnil]

hey, is there CVE assigned for this vulnerability?

CVE-2025-5791 seems to have been assigned for this issue.