2004-08-23 Havoc Pennington <hp@redhat.com>

* dbus/dbus-sysdeps.c (_dbus_change_identity): add setgroups() to drop supplementary groups, suggested by Steve Grubb
2026-05-01 05:37:58 +02:00 · 2004-08-23 04:12:07 +00:00 · 2004-08-23 04:12:07 +00:00 · bd4db6455b
commit bd4db6455b
parent c7c4d95d0e
2 changed files with 15 additions and 0 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+2004-08-23  Havoc Pennington  <hp@redhat.com>
+
+	* dbus/dbus-sysdeps.c (_dbus_change_identity): add setgroups() to
+	drop supplementary groups, suggested by Steve Grubb
+
 2004-08-20  Colin Walters  <walters@redhat.com>

 	* bus/config-parser.c (start_busconfig_child): Remove some unused
--- a/dbus/dbus-sysdeps.c
+++ b/dbus/dbus-sysdeps.c
@ -3281,6 +3281,16 @@ _dbus_change_identity  (dbus_uid_t     uid,
                        dbus_gid_t     gid,
                        DBusError     *error)
 {
+  /* setgroups() only works if we are a privileged process,
+   * so we don't return error on failure; the only possible
+   * failure is that we don't have perms to do it.
+   * FIXME not sure this is right, maybe if setuid()
+   * is going to work then setgroups() should also work.
+   */
+  if (setgroups (0, NULL) < 0)
+    dbus_warn ("Failed to drop supplementary groups: %s\n",
+               _dbus_strerror (errno));
+  
  /* Set GID first, or the setuid may remove our permission
   * to change the GID
   */