ptytty::drop_privileges() set gid, but did not clear the supplementary group list. Reset them to be appropriate for the target user using initgroups(). Reported by rpmlint.
Signed-off-by: Robbie Harwood <rharw...@redhat.com>
---
 src/proxy.C | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/src/proxy.C b/src/proxy.C
index 0c05b16..354779c 100644
--- a/src/proxy.C
+++ b/src/proxy.C
@@ -35,6 +35,8 @@
 #include <unistd.h>
 #include <fcntl.h>
 #include <errno.h>
+#include <grp.h>
+#include <pwd.h>
 // helper/proxy support
@@ -331,6 +333,7 @@ ptytty::drop_privileges ()
 {
 uid_t uid = getuid ();
 gid_t gid = getgid ();
+ struct passwd *pwd;
 // drop privileges
 #if HAVE_SETRESUID
@@ -346,6 +349,10 @@ ptytty::drop_privileges ()
 # error no way to drop privileges, configure failed?
 #endif
+ pwd = getpwuid (uid);
+ if (pwd == NULL || initgroups (pwd->pw_name, gid))
+ throw ptytty_error ("unable to drop supplementary groups\n");
+
 if (uid != geteuid () || gid != getegid ())
 throw ptytty_error ("unable to drop privileges.\n");
-- 
2.33.0
_______________________________________________ rxvt-unicode mailing list rxvt-unicode@lists.schmorp.de http://lists.schmorp.de/mailman/listinfo/rxvt-unicode
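Review bot: The added `initgroups (pwd->pw_name, gid)` call sits after the `#endif` that closes the privilege-drop block, so it appears to run only once the uid and gid have already been reset (the set*id calls themselves are outside the hunk). initgroups() relies on setgroups(2), which needs privilege (CAP_SETGID on Linux), so with a non-root real uid the call would be expected to fail with EPERM, and the function then throws instead of clearing the supplementary groups. Consider moving the lookup and call above `#if HAVE_SETRESUID` and attempting it only while still privileged, e.g. `if (geteuid () == 0 && (!(pwd = getpwuid (uid)) || initgroups (pwd->pw_name, gid)))`, so that a setgid-only or unprivileged start is not turned into a hard failure. A one-line comment such as `// supplementary groups must be reset before the uid is dropped` would record the ordering requirement for later readers.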