From bd4db6455bb15770392213b6283ced4158f48ccd Mon Sep 17 00:00:00 2001
From: Havoc Pennington <hp@redhat.com>
Date: Mon, 23 Aug 2004 04:12:07 +0000
Subject: 2004-08-23  Havoc Pennington  <hp@redhat.com>

	* dbus/dbus-sysdeps.c (_dbus_change_identity): add setgroups() to
	drop supplementary groups, suggested by Steve Grubb
---
 dbus/dbus-sysdeps.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'dbus/dbus-sysdeps.c')

diff --git a/dbus/dbus-sysdeps.c b/dbus/dbus-sysdeps.c
index b6f2efec..9099bf62 100644
--- a/dbus/dbus-sysdeps.c
+++ b/dbus/dbus-sysdeps.c
@@ -3281,6 +3281,16 @@ _dbus_change_identity  (dbus_uid_t     uid,
                         dbus_gid_t     gid,
                         DBusError     *error)
 {
+  /* setgroups() only works if we are a privileged process,
+   * so we don't return error on failure; the only possible
+   * failure is that we don't have perms to do it.
+   * FIXME not sure this is right, maybe if setuid()
+   * is going to work then setgroups() should also work.
+   */
+  if (setgroups (0, NULL) < 0)
+    dbus_warn ("Failed to drop supplementary groups: %s\n",
+               _dbus_strerror (errno));
+  
   /* Set GID first, or the setuid may remove our permission
    * to change the GID
    */
-- 
cgit