From 24414fbbebb3ad8ccdd9071a9ae97f219576a310 Mon Sep 17 00:00:00 2001
From: Damien Neil <dneil@google.com>
Date: Tue, 12 Apr 2022 13:38:17 -0700
Subject: [PATCH 12/16] [go-1.16.15-eks] syscall: check correct group in
 Faccessat

# AWS EKS
Backported To: go-1.16.15-eks
Backported On: Tue, 04 Oct 2022
Backported By: budris@amazon.com
Backported From: release-branch.go1.17
EKS Patch Source Commit: https://github.com/danbudris/go/commit/e13d51dae376f08ea381869af4880ca312111086
Upstream Source Commit: https://github.com/golang/go/commit/04781d14d2d33acbaf70f77e3a58ae0f3c90757c

# Original Information

The Faccessat call checks the user, group, or other permission bits of a
file to see if the calling process can access it. The test to see if the
group permissions should be used was made with the wrong group id, using
the process's group id rather than the file's group id. Fix this to use
the correct group id.

No test since we cannot easily change file permissions when not running
as root and the test is meaningless if running as root.

For #52313
Fixes #52439

Change-Id: I4e2c84754b0af7830b40fd15dedcbc58374d75ee
Reviewed-on: https://go-review.googlesource.com/c/go/+/399539
Reviewed-by: Ian Lance Taylor <iant@google.com>
Run-TryBot: Ian Lance Taylor <iant@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
(cherry picked from commit f66925e854e71e0c54b581885380a490d7afa30c)
Reviewed-on: https://go-review.googlesource.com/c/go/+/401078
Auto-Submit: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Tatiana Bradley <tatiana@golang.org>
Run-TryBot: Damien Neil <dneil@google.com>
Auto-Submit: Damien Neil <dneil@google.com>
Reviewed-by: Tatiana Bradley <tatiana@golang.org>
---
 src/syscall/syscall_linux.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/syscall/syscall_linux.go b/src/syscall/syscall_linux.go
index 3041f6f8fc..b2cc53e5c0 100644
--- a/src/syscall/syscall_linux.go
+++ b/src/syscall/syscall_linux.go
@@ -106,7 +106,7 @@ func Faccessat(dirfd int, path string, mode uint32, flags int) (err error) {
 			gid = Getgid()
 		}
 
-		if uint32(gid) == st.Gid || isGroupMember(gid) {
+		if uint32(gid) == st.Gid || isGroupMember(int(st.Gid)) {
 			fmode = (st.Mode >> 3) & 7
 		} else {
 			fmode = st.Mode & 7
-- 
2.30.1 (Apple Git-130)