projects
/
collectd.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
exec plugin: Use `setgroups' to set the list of supplementary group IDs.
[collectd.git]
/
src
/
exec.c
diff --git
a/src/exec.c
b/src/exec.c
index
21ac7c7
..
b8b538b
100644
(file)
--- a/
src/exec.c
+++ b/
src/exec.c
@@
-118,6
+118,7
@@
static void exec_child (program_list_t *pl)
int status;
int uid;
int gid;
int status;
int uid;
int gid;
+ int egid;
char *arg0;
struct passwd *sp_ptr;
char *arg0;
struct passwd *sp_ptr;
@@
-140,20
+141,16
@@
static void exec_child (program_list_t *pl)
}
uid = sp.pw_uid;
}
uid = sp.pw_uid;
+ gid = sp.pw_gid;
if (uid == 0)
{
ERROR ("exec plugin: Cowardly refusing to exec program as root.");
exit (-1);
}
if (uid == 0)
{
ERROR ("exec plugin: Cowardly refusing to exec program as root.");
exit (-1);
}
- status = setuid (uid);
- if (status != 0)
- {
- ERROR ("exec plugin: setuid failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
- exit (-1);
- }
-
+ /* The group configured in the configfile is set as effective group, because
+ * this way the forked process can (re-)gain the user's primary group. */
+ egid = -1;
if (NULL != pl->group)
{
if ('\0' != *pl->group) {
if (NULL != pl->group)
{
if ('\0' != *pl->group) {
@@
-173,22
+170,60
@@
static void exec_child (program_list_t *pl)
exit (-1);
}
exit (-1);
}
- gid = gr.gr_gid;
+
e
gid = gr.gr_gid;
}
else
{
}
else
{
-
gid = sp.pw_
gid;
+
egid =
gid;
}
}
+ } /* if (pl->group == NULL) */
+
+#if HAVE_SETGROUPS
+ if (getuid () == 0)
+ {
+ gid_t glist[2];
+ size_t glist_len;
+
+ glist[0] = gid;
+ glist_len = 1;
+
+ if (gid != egid)
+ {
+ glist[1] = egid;
+ glist_len = 2;
+ }
+
+ setgroups (glist_len, glist);
+ }
+#endif /* HAVE_SETGROUPS */
- status = setgid (gid);
- if (0 != status)
+ status = setgid (gid);
+ if (status != 0)
+ {
+ ERROR ("exec plugin: setgid (%i) failed: %s",
+ gid, sstrerror (errno, errbuf, sizeof (errbuf)));
+ exit (-1);
+ }
+
+ if (egid != -1)
+ {
+ status = setegid (egid);
+ if (status != 0)
{
{
- ERROR ("exec plugin: set
gid
failed: %s",
- sstrerror (errno, errbuf, sizeof (errbuf)));
+ ERROR ("exec plugin: set
egid (%i)
failed: %s",
+
egid,
sstrerror (errno, errbuf, sizeof (errbuf)));
exit (-1);
}
}
exit (-1);
}
}
+ status = setuid (uid);
+ if (status != 0)
+ {
+ ERROR ("exec plugin: setuid (%i) failed: %s",
+ uid, sstrerror (errno, errbuf, sizeof (errbuf)));
+ exit (-1);
+ }
+
arg0 = strrchr (pl->exec, '/');
if (arg0 != NULL)
arg0++;
arg0 = strrchr (pl->exec, '/');
if (arg0 != NULL)
arg0++;
@@
-256,6
+291,7
@@
static int parse_line (char *buffer)
fields_num = strsplit (buffer, &fields[1], STATIC_ARRAY_SIZE(fields) - 1);
handle_putval (stdout, fields, fields_num + 1);
fields_num = strsplit (buffer, &fields[1], STATIC_ARRAY_SIZE(fields) - 1);
handle_putval (stdout, fields, fields_num + 1);
+ return (0);
} /* int parse_line */
static void *exec_read_one (void *arg)
} /* int parse_line */
static void *exec_read_one (void *arg)
@@
-278,6
+314,7
@@
static void *exec_read_one (void *arg)
ERROR ("exec plugin: fdopen (%i) failed: %s", fd,
sstrerror (errno, errbuf, sizeof (errbuf)));
kill (pl->pid, SIGTERM);
ERROR ("exec plugin: fdopen (%i) failed: %s", fd,
sstrerror (errno, errbuf, sizeof (errbuf)));
kill (pl->pid, SIGTERM);
+ pl->pid = 0;
close (fd);
pthread_exit ((void *) 1);
}
close (fd);
pthread_exit ((void *) 1);
}