unix: call setgoups before calling setuid/setgid #1105
Conversation
|
Thank you for contributing this pull request! Here are a few pointers to make sure your submission will be considered for inclusion. The following commiters were not found in the CLA:
You can fix all these things without opening another issue. Please see CONTRIBUTING.md for more information |
| @@ -330,6 +330,17 @@ static void uv__process_child_init(const uv_process_options_t* options, | |||
| _exit(127); | |||
| } | |||
|
|
|||
| if (options->flags & (UV_PROCESS_SETUID|UV_PROCESS_SETGID)) { | |||
There was a problem hiding this comment.
Please add space between: ...SETUID | ...SETGID
|
Minor style nit, otherwise LGTM. But yeah, having @bnoordhuis opinion on this would be totally cool! |
Partial fix for #1093
|
Force pushed addressing feedback, thanks @indutny! |
| int saved_errno; | ||
| saved_errno = errno; | ||
| setgroups(0, NULL); | ||
| errno = saved_errno; |
There was a problem hiding this comment.
Can be shortened to SAVE_ERRNO(setgroups(0, NULL)) but apart from that LGTM.
There was a problem hiding this comment.
Thanks Ben, will fix.
On Feb 10, 2014 6:55 PM, "Ben Noordhuis" [email protected] wrote:
In src/unix/process.c:
@@ -330,6 +330,20 @@ static void uv__process_child_init(const uv_process_options_t* options,
_exit(127);
}
- if (options->flags & (UV_PROCESS_SETUID | UV_PROCESS_SETGID)) {
- /* When dropping privileges from root, the
setgroupscall will\* remove any extraneous groups. If we don't call this, then\* even though our uid has dropped, we may still have groups\* that enable us to do super-user things. This will fail if we\* aren't root, so don't bother checking the return value, this\* is just done as an optimistic privilege dropping function.*/- int saved_errno;
- saved_errno = errno;
- setgroups(0, NULL);
- errno = saved_errno;
Can be shortened to SAVE_ERRNO(setgroups(0, NULL)) but apart from that
LGTM.—
Reply to this email directly or view it on GitHubhttps://github.com//pull/1105/files#r9593936
.
|
Change itself LGTM but as food for thought, you may want to consider adding an API that lets the user retain some or all of the ancillary groups. Ditto for capabilities. |
Partial fix for #1093
Shamelessly taken from: rust-lang/rust#12085
/cc @indutny
If you have a few milliseconds to spare, it'd be great to get your input, @bnoordhuis.
As for the dropping caps part, I'll need to look into that, doesn't look anywhere straightforward :-/