libc: fix the _FORTIFY_SOURCE build of getgrouplist(3)

We need <unistd.h> to get our prototype normally, but WARNS in libc is
way too low to surface that.

Additionally, _FORTIFY_SOURCE needs to include <ssp/unistd.h> by way of
<unistd.h> to actually export an implementation of getgrouplist(3).  The
version defined in the .c gets named __ssp_real_getgrouplist() and the
actual implementation comes from the redirect stub in <ssp/unistd.h>,
which basically gets optimized away in the built object because our
__builtin_object_size() check is trivially false when we cannot resolve
any object sizes in this translation unit.

This could be argued as a design flaw in _FORTIFY_SOURCE, but we should
grab <unistd.h> for our prototype anyways so let's kick the can down
the road instead of re-thinking it for 15.0.

Reported by:	Shawn Webb (HardenedBSD)
Fixes:		d3f8ed6066 ("getgrouplist(3): Remove superfluous [...]")
MFC after:	3 days
This commit is contained in:
Kyle Evans
2025-09-13 17:19:46 -05:00
parent dd32d6b29d
commit 91ea7e2ce2
+1
View File
@@ -31,6 +31,7 @@
#include <sys/types.h>
#include <unistd.h>
#include <ssp/ssp.h>
extern int __getgroupmembership(const char *, gid_t, gid_t *, int, int *);