32 lines
934 B
Diff
32 lines
934 B
Diff
From 9d00681b24b02e0a143506c0f60c83d50136e87d Mon Sep 17 00:00:00 2001
|
|
From: Jonathan Dieter <jdieter@lesbg.com>
|
|
Date: Tue, 11 Apr 2017 11:20:32 +0300
|
|
Subject: [PATCH] [main] Remove supplementary groups when dropping privileges
|
|
|
|
When dropping privileges, remove supplementary groups which give
|
|
unnecessary access.
|
|
|
|
This will fail if we're not root, at which point the next statement will
|
|
also fail, so don't bother checking return value.
|
|
|
|
Signed-off-by: Jonathan Dieter <jdieter@lesbg.com>
|
|
---
|
|
src/main/main.cc | 1 +
|
|
1 file changed, 1 insertion(+)
|
|
|
|
diff --git a/src/main/main.cc b/src/main/main.cc
|
|
index 36cf9cb..a974881 100644
|
|
--- a/src/main/main.cc
|
|
+++ b/src/main/main.cc
|
|
@@ -374,6 +374,7 @@ void changeugid(RunMode runmode) {
|
|
free(wuser);
|
|
free(wgroup);
|
|
|
|
+ setgroups(0, NULL);
|
|
if (setgid(wrk_gid)<0) {
|
|
lzfs_pretty_errlog(LOG_ERR,"can't set gid to %d",(int)wrk_gid);
|
|
exit(LIZARDFS_EXIT_STATUS_ERROR);
|
|
--
|
|
2.9.3
|
|
|