Opened at 2011-11-09T15:38:55Z
Closed at 2011-12-22T11:24:53Z
#852 closed defect (fixed)
Bitlbee does not drop groups correctly in unix.c
Reported by: | David :) | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | |
Component: | BitlBee | Version: | 3.0.3 |
Keywords: | | Cc: | |
IRC client+version: | Client-independent | Operating System: | Public server |
OS version/distro: | | | |
Description
When 'dropping privileges' bitlbee simply does a 'setgid' followed by a 'setuid' call in unix.c. However, this is not sufficient. The code needs to 'drop' the extra groups that the process was started with through initgroups or setgroups.
Attachments (0)
Change History (2)
comment:1 Changed at 2011-11-25T07:28:24Z by
Hmm, that seems reasonable. What's common behaviour here? I'm guessing initgroups() would be good. In case it doesn't work with numeric arguments (I've never used it TBH) I could fall back to something like setgroups(0, NULL) (assuming the default/main group doesn't have to be included).
comment:2 Changed at 2011-12-22T11:24:53Z by
Resolution: | → fixed |
---|---|
Status: | new → closed |
I'm just using initgroups(). Only minimal error checking, and as a fallback later during the initialisation there's another warning if the process still seems to be running as root.
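The drop sequence this ticket asks for, as an added example (not BitlBee's unix.c and not the committed fix): supplementary groups are replaced first, then the gid, then the uid, and the result is verified. It uses setgroups() with the target gid rather than initgroups(); the names `only_group` and `drop_privileges`, the sample group list and the id 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE          /* for setgroups() on glibc */
#include <sys/types.h>
#include <grp.h>
#include <stdio.h>
#include <unistd.h>

/* Return 1 if every entry in list[0..n) equals gid (empty list included), else 0. */
int only_group(const gid_t *list, int n, gid_t gid)
{
    for (int i = 0; i < n; i++)
        if (list[i] != gid)
            return 0;
    return 1;
}

/* Drop from root to uid/gid. Order matters: groups, then gid, then uid,
 * because after setuid() the process may no longer change its groups. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t left[64];
    int n;

    if (uid == 0)
        return -1;                       /* refuse to "drop" to root */
    if (setgroups(1, &gid) != 0)         /* discard the inherited groups */
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)
        return -1;

    /* Verify the result instead of trusting the calls above. */
    n = getgroups(64, left);
    if (n < 0 || !only_group(left, n, gid))
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0)                  /* regaining root must fail */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample: groups a daemon may inherit when started from a root shell. */
    gid_t inherited[] = { 0, 4, 27, 1000 };
    printf("groups clean after setgid+setuid only? %d\n", only_group(inherited, 4, 1000));
    /* 65534 is an assumed unprivileged id; the drop only succeeds when run as root. */
    printf("drop_privileges: %d\n", drop_privileges(65534, 65534));
    return 0;
}
```

Run unprivileged, `drop_privileges` returns -1 at the setgroups() step, which is the failure a daemon should treat as fatal rather than continue with inherited groups.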