How can a group id, be droped?

[John Ioannidis]

I once wrote a pair of system calls that allowed an unprivileged user to 
add a group to their list of groups, based on authorization granted by
a setuid root program. Anyway, just removing a group should not ask for
any special authorization, so I guess the easiest way to do it is the following:

Basically, you have to add a simple system call. Let's say you'll
call it rmgroup(), and it will take one numeric argument, the gid to
remove from the list. 

TO add a system call, add a declaration for it in
$SYS/sys/init_sysent.c and put it at the end of struct sysent sysent[]
in the same file. You'll also have to include it in syscallnames[] in
file $SYS/sys/syscalls.c. 

Now, in $SYS/sys/kern_prot.c there is a function called leavegroup()
which does exaclty what you want. To package it into a syscall, add
the following code in kern_prot.c:

rmgroup()
{
	struct a {
		long groupname;
	} *uap = (struct a *)u.u_ap;

	leavegroup(a->groupname);
}

After that, recompile the kernel and you''l be all set. TO call the
rmgrp syscall, just call syscall(SYSCALL_rmgrp, groupid), where
SYSCALL_rmgrp is the number of the system call (you'll know that
because that's where you added it in the struct sysent initially).

I haven't tested the code (obviously), but it's too simple not to
work. 

Good luck

/ji

#include <appropriate_disclaimers>

VOICE: 	+1 212 280 5510			INET: ji at garfield.columbia.EDU
USnail:	John Ioannidis