author | Stefano Brivio <sbrivio@redhat.com> | 2022-08-29 11:23:29 +0200 |
---|---|---|
committer | Stefano Brivio <sbrivio@redhat.com> | 2022-08-30 19:15:44 +0200 |
commit | 9672ab8dd01cd9a2f7c8365f8d497b605dc83c9b (patch) | |
tree | 7041d095455200e82616d93ad1178964fcb2c5b6 | |
parent | 60ffc5b6cb85e6fc7707f6b1d918c93b77a92f2c (diff) | |
util: Drop any supplementary group before dropping privileges

Commit a951e0b9efcb ("conf: Add --runas option, changing to given UID
and GID if started as root") dropped the call to initgroups() that
used to add supplementary groups corresponding to the user we'll
eventually run as -- we don't need those.

However, if the original user belongs to supplementary groups
(usually not the case, if started as root), we don't drop those,
now, and rpmlint says:

  passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt
  passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt.avx2

Add a call to setgroups() with an empty set, to drop any
supplementary group we might currently have, before changing GID
and UID.

Reported-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>

-rw-r--r-- | util.c | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -525,7 +525,7 @@ void check_root(struct ctx *c) #endif } - if (!setgid(c->gid) && !setuid(c->uid)) + if (!setgroups(0, NULL) && !setgid(c->gid) && !setuid(c->uid)) return; fprintf(stderr, "Can't change user/group, exiting"); |
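
Review bot: in the new condition in check_root(), a failing setgroups(0, NULL) cannot be told apart from a failing setgid() or setuid(): all three end at the same "Can't change user/group, exiting" message, with no errno. setgroups() requires CAP_SETGID even for an empty set, while setgid() and setuid() to IDs the process already holds do not, so it is worth confirming that every path reaching this line has that capability; otherwise a start that used to get past this check now exits here. I would check the three calls separately, keeping the setgroups, setgid, setuid order (which is the correct one), and print strerror(errno) for whichever call failed. The message string as shown also has no trailing newline.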