[BB#115] Drop supplementary groups

Supplementary groups are inherited from the calling process. Drop all supplementary groups if the "Group" configuration directive is set to change to a different user. Otherwise the process may have more rights than expected. Reviewed-by: Michael Adam <obnox@samba.org>
2013-09-09 08:33:48 +02:00 · 2013-09-09 08:33:48 +02:00 · c8b8247f70
commit c8b8247f70
parent 3cc59ec3be
2 changed files with 11 additions and 1 deletions
--- a/configure.ac
+++ b/configure.ac
@ -203,7 +203,7 @@ AC_FUNC_REALLOC
 AC_CHECK_FUNCS([gethostname inet_ntoa memchr memset select socket strcasecmp \
                strchr strdup strerror strncasecmp strpbrk strstr strtol])
 AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec])
-AC_CHECK_FUNCS([strlcpy strlcat])
+AC_CHECK_FUNCS([strlcpy strlcat setgroups])


 dnl Enable extra warnings
--- a/src/main.c
+++ b/src/main.c
@ -296,6 +296,16 @@ change_user (const char *program)
                        exit (EX_NOPERM);
                }

+#ifdef HAVE_SETGROUPS
+                /* Drop all supplementary groups, otherwise these are inherited from the calling process */
+                if (setgroups (0, NULL) < 0) {
+                        fprintf (stderr,
+                                 "%s: Unable to drop supplementary groups.\n",
+                                 program);
+                        exit (EX_NOPERM);
+                }
+#endif
+
                log_message (LOG_INFO, "Now running as group \"%s\".",
                             config.group);
        }