From bd4db6455bb15770392213b6283ced4158f48ccd Mon Sep 17 00:00:00 2001 From: Havoc Pennington Date: Mon, 23 Aug 2004 04:12:07 +0000 Subject: [PATCH] 2004-08-23 Havoc Pennington * dbus/dbus-sysdeps.c (_dbus_change_identity): add setgroups() to drop supplementary groups, suggested by Steve Grubb --- ChangeLog | 5 +++++ dbus/dbus-sysdeps.c | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6f3cc2a..2ea0582 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2004-08-23 Havoc Pennington + + * dbus/dbus-sysdeps.c (_dbus_change_identity): add setgroups() to + drop supplementary groups, suggested by Steve Grubb + 2004-08-20 Colin Walters * bus/config-parser.c (start_busconfig_child): Remove some unused diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index b6f2efe..9099bf6 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c @@ -3281,6 +3281,16 @@ _dbus_change_identity (dbus_uid_t uid, dbus_gid_t gid, DBusError *error) { + /* setgroups() only works if we are a privileged process, + * so we don't return error on failure; the only possible + * failure is that we don't have perms to do it. + * FIXME not sure this is right, maybe if setuid() + * is going to work then setgroups() should also work. + */ + if (setgroups (0, NULL) < 0) + dbus_warn ("Failed to drop supplementary groups: %s\n", + _dbus_strerror (errno)); + /* Set GID first, or the setuid may remove our permission * to change the GID */ -- 2.7.4