Re: tar attempts to drop privileges for remote command but mishandles groups

[Ondrej Dubaj]

Agree, thanks for your solution!

Will this solution be part of upstream code in near future ?

Thanks.

Ondrej

On Mon, Feb 8, 2021 at 5:06 PM Sergey Poznyakoff <gray@gnu.org.ua> wrote:

FWIW, I'd rather propose something like that:

diff --git a/lib/system.h b/lib/system.h
index e7f531c..dffab86 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -470,19 +470,37 @@ char *getenv ();
 #if MSDOS
 # include <process.h>
 # define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
 # define ERRNO_IS_EACCES errno == EACCES
 # define mkdir(file, mode) (mkdir) (file)
 # define TTY_NAME "con"
 # define sys_reset_uid_gid()
 #else
 # define SET_BINARY_MODE(arc)
 # define ERRNO_IS_EACCES 0
 # define TTY_NAME "/dev/tty"
-# define sys_reset_uid_gid()                                   \
-  do {                                                         \
-    if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
-      abort ();                                                        \
-  } while (0)
+# include <paxlib.h>
+static inline void
+sys_reset_uid_gid (void)
+{
+  struct passwd *pw;
+  uid_t uid = getuid ();
+  gid_t gid = getgid ();
+ 
+  if ((pw = getpwuid (uid)) == NULL)
+    {
+      FATAL_ERROR ((0, errno, "%s(%ld)", "getpwuid", (unsigned long)uid));
+    }
+  if (initgroups (pw->pw_name, getgid ()))
+    {
+      FATAL_ERROR ((0, errno, "%s", "initgroups"));
+    }
+  if (gid != getegid () && setgid (gid) && errno != EPERM)
+    {
+      FATAL_ERROR ((0, errno, "%s", "setgid"));
+    }
+  if (uid != geteuid () && setuid (uid) && errno != EPERM)
+    {
+      FATAL_ERROR ((0, errno, "%s", "setuid"));
+    }
+}
 #endif

 #if XENIX