| From 420e914c4cc4c2ba34fd75790ea194d7f4a47d2c Mon Sep 17 00:00:00 2001 |
| From: Karel Zak <kzak@redhat.com> |
| Date: Thu, 29 Jul 2021 11:50:48 +0200 |
| Subject: [PATCH] libmount: fix setgroups() use |
| |
| * keep process in single supplementary group, which is the real group ID for the process |
| |
| * make sure we have rights to call setgroups(), requires group permissions |
| |
| Fixes: https://github.com/karelzak/util-linux/issues/1398 |
| Signed-off-by: Karel Zak <kzak@redhat.com> |
| --- |
| include/c.h | 6 ++++-- |
| 1 file changed, 4 insertions(+), 2 deletions(-) |
| |
| diff --git a/include/c.h b/include/c.h |
| index c1e4c5ffc..a4504e3ba 100644 |
| --- a/include/c.h |
| +++ b/include/c.h |
| @@ -340,14 +340,16 @@ static inline size_t get_hostname_max(void) |
| |
| static inline int drop_permissions(void) |
| { |
| + gid_t newgid = getgid(); |
| + |
| errno = 0; |
| |
| /* drop supplementary groups */ |
| - if (setgroups(0, NULL) != 0) |
| + if (geteuid() == 0 && setgroups(1, &newgid) != 0) |
| goto fail; |
| |
| /* drop GID */ |
| - if (setgid(getgid()) < 0) |
| + if (setgid(newgid) < 0) |
| goto fail; |
| |
| /* drop UID */ |