Re: dropping setuid/setgid privileges

From: Bruno Haible
Subject: Re: dropping setuid/setgid privileges
Date: Thu, 11 Jun 2009 19:49:05 +0200
User-agent: KMail/1.9.9

James, Sergey,

> > So we may also need to do something like this: 
> > 
> >   /* Use of setgroups() is restricted to root only. */
> >   if (0 == geteuid())
> >     {
> >       /* We're either root or running setuid-root. */
> >       gid_t groups[1];
> >       groups[0] = gid;
> >       if (0 != setgroups(1u, groups))
> Yes, but on the other hand the caller might need to retain some
> supplementary groups when dropping privileges.

What is the use-case that you are considering? A setuid/setgid executable,
or an executable run by root? And what task does it do, related to the user's
data and devices?

> Perhaps it is worth providing a mechanism for that too? Something like
>   idpriv_drop_grp (size_t ngrp, gid_t *groups)

Should that drop the specified supplementary groups (and keep the rest),
or keep the specified supplementary groups?
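
The two readings of the proposed `idpriv_drop_grp` that the question above distinguishes, as an added example (not part of the original message and not gnulib code). `filter_groups` and `drop_to` are hypothetical names, the group IDs are constructed, and the `setgroups()`-before-`setuid()` order follows from the root-only restriction noted in the quoted snippet.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* for setgroups() on glibc */
#endif
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper. Copies into out[] the entries of cur[] that are listed
   in sel[] (keep != 0) or not listed in sel[] (keep == 0); returns the count. */
size_t filter_groups(const gid_t *cur, size_t ncur, const gid_t *sel,
                     size_t nsel, int keep, gid_t *out)
{
  size_t n = 0;
  for (size_t i = 0; i < ncur; i++) {
    int listed = 0;
    for (size_t j = 0; j < nsel; j++)
      if (cur[i] == sel[j]) { listed = 1; break; }
    if (listed == (keep != 0))
      out[n++] = cur[i];
  }
  return n;
}

/* Hypothetical. Permanently switches to uid/gid with exactly groups[0..ngrp-1]
   as supplementary groups. Returns 0 on success, -1 on failure. */
int drop_to(uid_t uid, gid_t gid, const gid_t *groups, size_t ngrp)
{
  /* setgroups() is root-only, so it has to run before the uid changes. */
  if (geteuid() == 0 && setgroups(ngrp, groups) != 0)
    return -1;
  if (setgid(gid) != 0 || setuid(uid) != 0)
    return -1;
  /* Confirm the IDs changed and that root cannot be regained. */
  if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
    return -1;
  return (uid != 0 && setuid(0) == 0) ? -1 : 0;
}

int main(void)
{
  gid_t cur[] = { 4, 20, 27, 100 };   /* constructed sample group list */
  gid_t sel[] = { 20, 100 };          /* constructed caller argument */
  gid_t out[4];
  size_t k = filter_groups(cur, 4, sel, 2, 1, out);
  size_t d = filter_groups(cur, 4, sel, 2, 0, out);
  printf("keep reading leaves %zu groups, drop reading leaves %zu\n", k, d);
  return 0;
}
```

In a real caller the `cur` list would come from `getgroups()`, and the filtered result would be passed to `drop_to` as the supplementary group set.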

