#852 closed defect (fixed)

Bitlbee does not drop groups correctly in unix.c

Reported by: David :)
Owned by:
Priority: normal
Milestone:
Component: BitlBee
Version: 3.0.3
Keywords:
Cc:
IRC client+version: Client-independent
Operating System: Public server
OS version/distro:


When 'dropping privileges' bitlbee simply does a 'setgid' followed by a 'setuid' call in unix.c. However, this is not sufficient. The code needs to 'drop' the extra groups that the process was started with through initgroups or setgroups.


Change History (2)

comment:1 Changed at 2011-11-25T07:28:24Z by wilmer

Hmm, that seems reasonable. What's common behaviour here? I'm guessing initgroups() would be good. In case it doesn't work with numeric arguments (I've never used it TBH) I could fall back to something like setgroups(0, NULL) (assuming the default/main group doesn't have to be included).

comment:2 Changed at 2011-12-22T11:24:53Z by wilmer

Resolution: fixed
Status: new → closed


I'm just using initgroups(). Only minimal error checking, and as a fallback later during the initialisation there's another warning if the process still seems to be running as root.
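Added example (not BitlBee's code and not part of this ticket): a C routine for the privilege drop discussed above, which resets supplementary groups with initgroups() before setgid()/setuid() and then verifies the result. It assumes Linux/glibc; `drop_privileges`, `count_unexpected_groups` and `MAX_GROUPS` are hypothetical names chosen for this example.

```c
#define _DEFAULT_SOURCE            /* glibc: declares initgroups(), getgrouplist() */
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 256             /* assumed upper bound for this example */
/* Hypothetical helper: how many entries of have[] are missing from allowed[]? */
int count_unexpected_groups(const gid_t *have, int nhave,
                            const gid_t *allowed, int nallowed)
{
    int unexpected = 0;
    for (int i = 0; i < nhave; i++) {
        int found = 0;
        for (int j = 0; j < nallowed; j++)
            if (have[i] == allowed[j])
                found = 1;
        unexpected += !found;
    }
    return unexpected;
}

/* Hypothetical helper: returns 0 once the process runs as `user`, -1 otherwise. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL)
        return -1;
    uid_t uid = pw->pw_uid;        /* copy out: pw points to static storage */
    gid_t gid = pw->pw_gid;

    /* Supplementary groups first, then gid, then uid: once setuid() has
     * succeeded the process may no longer change its groups. */
    if (initgroups(user, gid) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    /* Verify the resulting identity instead of trusting the calls. */
    gid_t allowed[MAX_GROUPS], have[MAX_GROUPS];
    int nallowed = MAX_GROUPS;
    int nhave = getgroups(MAX_GROUPS, have);
    if (nhave < 0 || getgrouplist(user, gid, allowed, &nallowed) < 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    if (count_unexpected_groups(have, nhave, allowed, nallowed) != 0)
        return -1;
    return (uid != 0 && setuid(0) == 0) ? -1 : 0;   /* regaining root must fail */
}

int main(int argc, char **argv) { return (argc == 2 && drop_privileges(argv[1]) == 0) ? 0 : 1; }
```

A caller should treat any -1 as fatal and exit rather than continue with a partially dropped identity.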
