diff options
author | Havoc Pennington <hp@redhat.com> | 2004-08-23 04:12:07 +0000 |
---|---|---|
committer | Havoc Pennington <hp@redhat.com> | 2004-08-23 04:12:07 +0000 |
commit | bd4db6455bb15770392213b6283ced4158f48ccd (patch) | |
tree | b2e439b26faf3fe575d1d436234cb34a9115b317 /dbus | |
parent | c7c4d95d0e1284e58a3dfd15c5dc7f0d7c6a5229 (diff) |
2004-08-23 Havoc Pennington <hp@redhat.com>
* dbus/dbus-sysdeps.c (_dbus_change_identity): add setgroups() to
drop supplementary groups, suggested by Steve Grubb
Diffstat (limited to 'dbus')
-rw-r--r-- | dbus/dbus-sysdeps.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index b6f2efec..9099bf62 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c @@ -3281,6 +3281,16 @@ _dbus_change_identity (dbus_uid_t uid, dbus_gid_t gid, DBusError *error) { + /* setgroups() only works if we are a privileged process, + * so we don't return error on failure; the only possible + * failure is that we don't have perms to do it. + * FIXME not sure this is right, maybe if setuid() + * is going to work then setgroups() should also work. + */ + if (setgroups (0, NULL) < 0) + dbus_warn ("Failed to drop supplementary groups: %s\n", + _dbus_strerror (errno)); + /* Set GID first, or the setuid may remove our permission * to change the GID */ |