Also mention process groups in users report

rustsec · Jan 15, 2025 · 7225174 · 7225174
1 parent 34fc344
commit 7225174
Showing 1 changed file with 8 additions and 3 deletions.
diff --git a/crates/users/RUSTSEC-0000-0000.md b/crates/users/RUSTSEC-0000-0000.md
@@ -11,10 +11,15 @@ patched = []
 unaffected = ["<= 0.7.0"]
 ```
 
-# `root` appended to supplementary groups
+# `root` unconditionally appended to group listings
 
-Affected versions append the `root` group to the supplementary groups of a user, regardless of their actual membership.
-This occurs unless the user is a member of exactly 1024 supplementary groups.
+Affected versions append `root` to all group listings.
+This occurs unless the correct listing has exactly 1024 groups.
+
+This affects both:
+
+- The supplementary groups of a user
+- The groups of the current process
 
 If the caller uses this information for access control, this may lead to privilege escalation.