From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Gibson To: passt-dev@passt.top Subject: Re: [PATCH 1/7] util: Drop any supplementary group before dropping privileges Date: Tue, 30 Aug 2022 11:20:04 +1000 Message-ID: In-Reply-To: <20220829151709.2650896-2-sbrivio@redhat.com> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============0690209083529661426==" --===============0690209083529661426== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable On Mon, Aug 29, 2022 at 05:17:03PM +0200, Stefano Brivio wrote: > Commit a951e0b9efcb ("conf: Add --runas option, changing to given UID > and GID if started as root") dropped the call to initgroups() that > used to add supplementary groups corresponding to the user we'll > eventually run as -- we don't need those. >=20 > However, if the original user belongs to supplementary groups > (usually not the case, if started as root), we don't drop those, > now, and rpmlint says: >=20 > passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt > passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt.a= vx2 >=20 > Add a call to setgroups() with an empty set, to drop any > supplementary group we might currently have, before changing GID > and UID. >=20 > Reported-by: Daniel P. Berrang=C3=A9 > Signed-off-by: Stefano Brivio Reviewed-by: David Gibson I'll keep this in mind for the rework I plan in this area. > --- > util.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) >=20 > diff --git a/util.c b/util.c > index 9b87b65..7e10deb 100644 > --- a/util.c > +++ b/util.c > @@ -525,7 +525,7 @@ void check_root(struct ctx *c) > #endif > } > =20 > - if (!setgid(c->gid) && !setuid(c->uid)) > + if (!setgroups(0, NULL) && !setgid(c->gid) && !setuid(c->uid)) > return; > =20 > fprintf(stderr, "Can't change user/group, exiting"); --=20 David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson --===============0690209083529661426== Content-Type: application/pgp-signature Content-Transfer-Encoding: base64 Content-Disposition: attachment; filename="signature.asc" MIME-Version: 1.0 LS0tLS1CRUdJTiBQR1AgU0lHTkFUVVJFLS0tLS0KCmlRSXpCQUVCQ0FBZEZpRUVvVUx4V3U0L1dz MGRCK1h0Z3lwWTRnRXdZU0lGQW1NTlpiMEFDZ2tRZ3lwWTRnRXcKWVNJUlF3LytMNnM0QmpDK2tu R1VWRW5EWGpKMjc1K0ovYUNLQjdWTlRDZ0kzaFh2SUwyZWk2SmwxMkhyQy8wUQpjSnMrVUVqbmRC ekRlYlZEYlNBeCtVQ2NUZlVaaTZrMmt2L2pyRWlUcGp4QjFobGJEUWNuU3BhbDVKL1lMMlprCnN3 K0FrV3JLdjdicXRSU24xZldVQ293b3dycFQ3RndpcXhHWFNQdnNpSXVtNXpJVUpadmxycTlEb0Nl ZlM0NWkKZ29icW1yQSt3TXI1Qk5IQVVaN3JrT1ZYOUlNVnQrZXc5RWtmZ0Y0K2hHcG9pOUc4Lzhr NHg5ZGpvZk1QelpkNwpyVXloVXhDSmtZWW1tbU1pYkd3TEJUcHdvakMzMkNPc04rd0c4d0pEKy9C U2tJNnlqTjJ1Qys2azdRdWd0UVA3CkJYbzF2OE00UE1WVDhURVJoR3E1Tm5qVTVjcG5nNTBHVkZV Q1RCN0daK2pvejVOT0pOQjdYRW5zZjBLU3FQWmoKTzVWNVE5U01GaVVVTWVmSmVvMFFHNUMrcEJy TVZZTkRsQlZQVnBtNFNSN2pVYlR0cVpBMzBXaXJ2R0dCWTl2KwpkNVVucENaUTFsM1J1TWxWa1JY eXhtS3E2TUVFY2g5WDJNbUY4c01UdWdlNDRIMG84enZDTjJtd0M2dmFkaVphCjNkb3ZRbSt4MnRO Y3plKzNmY0luRkNGVlV4SUZPWm4vTjk5c0dNWlJTSlpCL3VCcmVVeEhJNUdWZlJDNFNTb3gKQ25Z ZEF4R09nYi8zV0tmWGVOVkQ3UE5EMWdJMlVGK1ROUTlzMjkyazBLc2R5TXdYYVdkV045ZkVDMXcy eXFKZAp4L0VUOWd2MmhHamRYc1FHS08xcjFtOUllYnN5ZkRISGVVcEx1VDFzMGtUZFNHWWVRSEU9 Cj11TGpGCi0tLS0tRU5EIFBHUCBTSUdOQVRVUkUtLS0tLQo= --===============0690209083529661426==--