blob: ebde207986b92082dd86aa72945f2f5c0a7b74a2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
From 420e914c4cc4c2ba34fd75790ea194d7f4a47d2c Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 29 Jul 2021 11:50:48 +0200
Subject: [PATCH] libmount: fix setgroups() use
* keep process in single supplementary group, which is the real group ID for the process
* make sure we have rights to call setgroups(), requires group permissions
Fixes: https://github.com/karelzak/util-linux/issues/1398
Signed-off-by: Karel Zak <kzak@redhat.com>
---
include/c.h | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/include/c.h b/include/c.h
index c1e4c5ffc..a4504e3ba 100644
--- a/include/c.h
+++ b/include/c.h
@@ -340,14 +340,16 @@ static inline size_t get_hostname_max(void)
static inline int drop_permissions(void)
{
+ gid_t newgid = getgid();
+
errno = 0;
/* drop supplementary groups */
- if (setgroups(0, NULL) != 0)
+ if (geteuid() == 0 && setgroups(1, &newgid) != 0)
goto fail;
/* drop GID */
- if (setgid(getgid()) < 0)
+ if (setgid(newgid) < 0)
goto fail;
/* drop UID */
|
