[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: dropping setuid/setgid privileges
From: |
Sergey Poznyakoff |
Subject: |
Re: dropping setuid/setgid privileges |
Date: |
Wed, 10 Jun 2009 12:55:25 +0300 |
James Youngman <address@hidden> ha escrit:
> It's possible that one of the process's supplementary groups is
> privileged. So we may also need to do something like this:
>
> #if HAVE_SETGROUPS
> /* Use of setgroups() is restricted to root only. */
> if (0 =3D=3D geteuid())
> {
> /* We're either root or running setuid-root. */
> gid_t groups[1];
> groups[0] =3D gid;
> if (0 !=3D setgroups(1u, groups))
Yes, but on the other hand the caller might need to retain some
supplementary groups when dropping privileges. Perhaps it is worth
to provide a mechanism for that too? Something like
idpriv_drop_grp (size_t ngrp, gid_t *groups)
Regards,
Sergey
- Re: [PATCH] chroot specify user/group feature, James Youngman, 2009/06/04
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/07
- Re: dropping setuid/setgid privileges, James Youngman, 2009/06/07
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/07
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/08
- Re: dropping setuid/setgid privileges,
Sergey Poznyakoff <=
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/11
- Re: dropping setuid/setgid privileges, Sergey Poznyakoff, 2009/06/11
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/11
- Re: dropping setuid/setgid privileges, James Youngman, 2009/06/11
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/11
- Re: dropping setuid/setgid privileges, James Youngman, 2009/06/12
- Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/12
Re: dropping setuid/setgid privileges, Bruno Haible, 2009/06/08