#852 closed defect (fixed)

Bitlbee does not drop groups correctly in unix.c

Reported by: David :)
Owned by:
Priority: normal
Milestone:
Component: BitlBee
Version: 3.0.3
Keywords:
Cc:
IRC client+version: Client-independent
Operating System: Public server
OS version/distro:

Description

When 'dropping privileges' bitlbee simply does a 'setgid' followed by a 'setuid' call in unix.c. However, this is not sufficient. The code needs to 'drop' the extra groups that the process was started with through initgroups or setgroups.

Change History (2)

comment:1 Changed at 2011-11-25T07:28:24Z by wilmer

Hmm, that seems reasonable. What's common behaviour here? I'm guessing initgroups() would be good. In case it doesn't work with numeric arguments (I've never used it TBH) I could fall back to something like setgroups(0, NULL) (assuming the default/main group doesn't have to be included).

comment:2 Changed at 2011-12-22T11:24:53Z by wilmer

  • Resolution set to fixed
  • Status changed from new to closed

changeset:devel,856.

I'm just using initgroups(). Only minimal error checking, and as a fallback later during the initialisation there's another warning if the process still seems to be running as root.
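
The call order discussed in this ticket, as an added example that is not part of the ticket or of BitlBee's code: supplementary groups are replaced with initgroups() while the process is still root, then setgid(), then setuid(), with every return value checked and the result verified afterwards. The helper names and the default account name `nobody` are assumptions.

```c
#define _DEFAULT_SOURCE 1   /* exposes initgroups() in glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Number of supplementary groups the process currently holds, -1 on error. */
int supplementary_group_count(void)
{
    return getgroups(0, NULL);
}

/* Switch to `user` (hypothetical helper). Returns 0 on success, -1 on any
 * failure; a caller should exit rather than keep running on -1. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;                              /* unknown account */

    /* 1. Replace the inherited supplementary groups with the target user's.
     *    This needs root, so it has to come before setuid(). */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    /* 2. Primary group, also while still root. */
    if (setgid(pw->pw_gid) != 0)
        return -1;
    /* 3. User id last: as root this sets real, effective and saved uid. */
    if (setuid(pw->pw_uid) != 0)
        return -1;

    /* Verify the resulting identity instead of trusting the calls above. */
    if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid ||
        getgid() != pw->pw_gid || getegid() != pw->pw_gid)
        return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;                              /* root was still reachable */
    return 0;
}

int main(int argc, char **argv)
{
    const char *user = argc > 1 ? argv[1] : "nobody";  /* assumed account name */
    printf("supplementary groups before: %d\n", supplementary_group_count());
    if (drop_privileges(user) != 0) {
        fprintf(stderr, "could not drop privileges to %s\n", user);
        return 1;
    }
    printf("supplementary groups after:  %d\n", supplementary_group_count());
    return 0;
}
```

Started as root, the program prints the supplementary group count before and after the switch; started without root it fails at initgroups() and exits non-zero rather than continuing with the inherited groups.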
