2004-08-23 Havoc Pennington <hp@redhat.com>

* dbus/dbus-sysdeps.c (_dbus_change_identity): add setgroups() to drop supplementary groups, suggested by Steve Grubb
author: Havoc Pennington <hp@redhat.com> 2004-08-23 04:12:07 +0000
committer: Havoc Pennington <hp@redhat.com> 2004-08-23 04:12:07 +0000
commit: bd4db6455bb15770392213b6283ced4158f48ccd (patch)
tree: b2e439b26faf3fe575d1d436234cb34a9115b317 /dbus/dbus-sysdeps.c
parent: c7c4d95d0e1284e58a3dfd15c5dc7f0d7c6a5229 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c
index b6f2efec..9099bf62 100644
--- a/dbus/dbus-sysdeps.c
+++ b/dbus/dbus-sysdeps.c
@@ -3281,6 +3281,16 @@ _dbus_change_identity  (dbus_uid_t     uid,
                         dbus_gid_t     gid,
                         DBusError     *error)
 {
+  /* setgroups() only works if we are a privileged process,
+   * so we don't return error on failure; the only possible
+   * failure is that we don't have perms to do it.
+   * FIXME not sure this is right, maybe if setuid()
+   * is going to work then setgroups() should also work.
+   */
+  if (setgroups (0, NULL) < 0)
+    dbus_warn ("Failed to drop supplementary groups: %s\n",
+               _dbus_strerror (errno));
+  
   /* Set GID first, or the setuid may remove our permission
    * to change the GID
    */
author	Havoc Pennington <hp@redhat.com>	2004-08-23 04:12:07 +0000
committer	Havoc Pennington <hp@redhat.com>	2004-08-23 04:12:07 +0000
commit	bd4db6455bb15770392213b6283ced4158f48ccd (patch)
tree	b2e439b26faf3fe575d1d436234cb34a9115b317 /dbus/dbus-sysdeps.c
parent	c7c4d95d0e1284e58a3dfd15c5dc7f0d7c6a5229 (diff)