From b5c5890955fa19651ad8b3f48d99364d270a0d8f Mon Sep 17 00:00:00 2001 From: Florian Forster Date: Tue, 19 Feb 2008 13:55:32 +0100 Subject: [PATCH] exec plugin: Use `setgroups' to set the list of supplementary group IDs. Thanks to Peter Holik for suggesting this. --- configure.in | 5 +---- src/exec.c | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/configure.in b/configure.in index 5555c8a0..2379cbe7 100644 --- a/configure.in +++ b/configure.in @@ -367,8 +367,7 @@ AC_CHECK_FUNCS(gettimeofday select strdup strtol getaddrinfo getnameinfo strchr AC_FUNC_STRERROR_R -AC_CHECK_FUNCS(getpwnam_r) -AC_CHECK_FUNCS(getgrnam_r) +AC_CHECK_FUNCS(getpwnam_r getgrnam_r setgroups regcomp regerror regexec regfree) socket_needs_socket="no" AC_CHECK_FUNCS(socket, [], AC_CHECK_LIB(socket, socket, [socket_needs_socket="yes"], AC_MSG_ERROR(cannot find socket))) @@ -378,8 +377,6 @@ nanosleep_needs_rt="no" AC_CHECK_FUNCS(nanosleep, [], AC_CHECK_LIB(rt, nanosleep, [nanosleep_needs_rt="yes"], AC_MSG_ERROR(cannot find nanosleep))) AM_CONDITIONAL(BUILD_WITH_LIBRT, test "x$nanosleep_needs_rt" = "xyes") -AC_CHECK_FUNCS(regcomp regerror regexec regfree) - AC_CHECK_FUNCS(sysctlbyname, [have_sysctlbyname="yes"], [have_sysctlbyname="no"]) AC_CHECK_FUNCS(host_statistics, [have_host_statistics="yes"], [have_host_statistics="no"]) AC_CHECK_FUNCS(processor_info, [have_processor_info="yes"], [have_processor_info="no"]) diff --git a/src/exec.c b/src/exec.c index fd20191a..b8b538b8 100644 --- a/src/exec.c +++ b/src/exec.c @@ -178,6 +178,25 @@ static void exec_child (program_list_t *pl) } } /* if (pl->group == NULL) */ +#if HAVE_SETGROUPS + if (getuid () == 0) + { + gid_t glist[2]; + size_t glist_len; + + glist[0] = gid; + glist_len = 1; + + if (gid != egid) + { + glist[1] = egid; + glist_len = 2; + } + + setgroups (glist_len, glist); + } +#endif /* HAVE_SETGROUPS */ + status = setgid (gid); if (status != 0) { -- 2.11.0