author | Denys Vlasenko | 2011-09-15 18:27:05 +0200 |
---|---|---|
committer | Denys Vlasenko | 2011-09-15 18:27:05 +0200 |
commit | 585541e8e338a85b9f18cf5f6ed88758b29e61f2 (patch) | |
tree | 6d17c3f52ecc3b9e05430793a923edb9b2551683 | |
parent | dd1eb413f28a2a8b5768056e1967e87b2363dc32 (diff) | |
start_stop_daemon: set complementary group ids too. Closes 3253
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
-rw-r--r-- | debianutils/start_stop_daemon.c | 12 | ||||
-rw-r--r-- | networking/inetd.c | 2 |
2 files changed, 11 insertions, 3 deletions
diff --git a/debianutils/start_stop_daemon.c b/debianutils/start_stop_daemon.c
index bc61959..02609c0 100644
--- a/debianutils/start_stop_daemon.c
+++ b/debianutils/start_stop_daemon.c
@@ -502,8 +502,16 @@ int start_stop_daemon_main(int argc UNUSED_PARAM, char **argv)
 if (opt & OPT_c) {
 struct bb_uidgid_t ugid = { -1, -1 };
 parse_chown_usergroup_or_die(&ugid, chuid);
- if (ugid.gid != (gid_t) -1) xsetgid(ugid.gid);
- if (ugid.uid != (uid_t) -1) xsetuid(ugid.uid);
+ if (ugid.uid != (uid_t) -1) {
+ struct passwd *pw = xgetpwuid(ugid.uid);
+ if (ugid.gid != (gid_t) -1)
+ pw->pw_gid = ugid.gid;
+ /* initgroups, setgid, setuid: */
+ change_identity(pw);
+ } else if (ugid.gid != (gid_t) -1) {
+ xsetgid(ugid.gid);
+ setgroups(1, &ugid.gid);
+ }
 }
 #if ENABLE_FEATURE_START_STOP_DAEMON_FANCY
 if (opt & OPT_NICELEVEL) {
diff --git a/networking/inetd.c b/networking/inetd.c
index fc6847b..26b6699 100644
--- a/networking/inetd.c
+++ b/networking/inetd.c
@@ -1414,7 +1414,7 @@ int inetd_main(int argc UNUSED_PARAM, char **argv)
 bb_error_msg("non-root must run services as himself");
 goto do_exit1;
 }
- if (pwd->pw_uid) {
+ if (pwd->pw_uid != 0) {
 if (sep->se_group)
 pwd->pw_gid = grp->gr_gid;
 /* initgroups, setgid, setuid: */ |
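Review bot: In debianutils/start_stop_daemon.c, the `setgroups(1, &ugid.gid)` call in the group-only branch ignores its return value, so a failure there would start the daemon with the caller's supplementary groups still attached, which is the condition this commit sets out to close. The line before it uses the die-on-failure wrapper `xsetgid`, so this call should fail closed as well: `if (setgroups(1, &ugid.gid) != 0) bb_perror_msg_and_die("setgroups");`. Separately, `xgetpwuid` presumably exits when the uid has no passwd entry, which would make a numeric `-c` argument for an unlisted uid fail where the old `xsetuid` path accepted it; worth confirming that is intended and noting it in a comment. start_stop_daemon_main begins and ends outside the hunk.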