diff options
-rw-r--r-- | ChangeLog | 5 | ||||
-rw-r--r-- | dbus/dbus-sysdeps.c | 10 |
2 files changed, 15 insertions, 0 deletions
@@ -1,3 +1,8 @@ +2004-08-23 Havoc Pennington <hp@redhat.com> + + * dbus/dbus-sysdeps.c (_dbus_change_identity): add setgroups() to + drop supplementary groups, suggested by Steve Grubb + 2004-08-20 Colin Walters <walters@redhat.com> * bus/config-parser.c (start_busconfig_child): Remove some unused diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c index b6f2efec..9099bf62 100644 --- a/dbus/dbus-sysdeps.c +++ b/dbus/dbus-sysdeps.c @@ -3281,6 +3281,16 @@ _dbus_change_identity (dbus_uid_t uid, dbus_gid_t gid, DBusError *error) { + /* setgroups() only works if we are a privileged process, + * so we don't return error on failure; the only possible + * failure is that we don't have perms to do it. + * FIXME not sure this is right, maybe if setuid() + * is going to work then setgroups() should also work. + */ + if (setgroups (0, NULL) < 0) + dbus_warn ("Failed to drop supplementary groups: %s\n", + _dbus_strerror (errno)); + /* Set GID first, or the setuid may remove our permission * to change the GID */ |