public inbox for passt-dev@passt.top
 help / color / mirror / code / Atom feed
From: Stefano Brivio <sbrivio@redhat.com>
To: passt-dev@passt.top
Subject: [PATCH 1/7] util: Drop any supplementary group before dropping privileges
Date: Mon, 29 Aug 2022 17:17:03 +0200	[thread overview]
Message-ID: <20220829151709.2650896-2-sbrivio@redhat.com> (raw)
In-Reply-To: <20220829151709.2650896-1-sbrivio@redhat.com>

[-- Attachment #1: Type: text/plain, Size: 1196 bytes --]

Commit a951e0b9efcb ("conf: Add --runas option, changing to given UID
and GID if started as root") dropped the call to initgroups() that
used to add supplementary groups corresponding to the user we'll
eventually run as -- we don't need those.

However, if the original user belongs to supplementary groups
(usually not the case, if started as root), we don't drop those,
now, and rpmlint says:

  passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt
  passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt.avx2

Add a call to setgroups() with an empty set, to drop any
supplementary group we might currently have, before changing GID
and UID.

Reported-by: Daniel P. Berrangé <berrange(a)redhat.com>
Signed-off-by: Stefano Brivio <sbrivio(a)redhat.com>
---
 util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/util.c b/util.c
index 9b87b65..7e10deb 100644
--- a/util.c
+++ b/util.c
@@ -525,7 +525,7 @@ void check_root(struct ctx *c)
 #endif
 	}
 
-	if (!setgid(c->gid) && !setuid(c->uid))
+	if (!setgroups(0, NULL) && !setgid(c->gid) && !setuid(c->uid))
 		return;
 
 	fprintf(stderr, "Can't change user/group, exiting");
-- 
@@ -525,7 +525,7 @@ void check_root(struct ctx *c)
 #endif
 	}
 
-	if (!setgid(c->gid) && !setuid(c->uid))
+	if (!setgroups(0, NULL) && !setgid(c->gid) && !setuid(c->uid))
 		return;
 
 	fprintf(stderr, "Can't change user/group, exiting");
-- 
2.35.1


  reply	other threads:[~2022-08-29 15:17 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-29 15:17 [PATCH 0/7] Second batch of fixes reported during Fedora package review Stefano Brivio
2022-08-29 15:17 ` Stefano Brivio [this message]
2022-08-30  1:20   ` [PATCH 1/7] util: Drop any supplementary group before dropping privileges David Gibson
2022-08-29 15:17 ` [PATCH 2/7] fedora: Adopt versioning guideline for snapshots Stefano Brivio
2022-08-29 19:25   ` Stefano Brivio
2022-08-29 15:17 ` [PATCH 3/7] fedora: Drop SPDX identifier from spec file Stefano Brivio
2022-08-29 15:17 ` [PATCH 4/7] fedora: Drop comment stating the spec file is an example file Stefano Brivio
2022-08-29 15:17 ` [PATCH 5/7] fedora: Define git_hash in spec file and reuse it Stefano Brivio
2022-08-29 15:17 ` [PATCH 6/7] fedora: Use full versioning for SELinux subpackage Requires: tag Stefano Brivio
2022-08-29 15:17 ` [PATCH 7/7] fedora: Pass explicit bindir, mandir, docdir, and drop OpenSUSE override Stefano Brivio
2022-08-29 19:23   ` Stefano Brivio

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220829151709.2650896-2-sbrivio@redhat.com \
    --to=sbrivio@redhat.com \
    --cc=passt-dev@passt.top \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
Code repositories for project(s) associated with this public inbox

	https://passt.top/passt

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for IMAP folder(s).