On 06/04/2018 09:27 AM, L A Walsh wrote:
Andrei Borzenkov wrote:
@@ -1277,6 +1278,7 @@ disable_priv_mode () { int e;
+ setgroups(0, NULL); if (setuid (current_user.uid) < 0) { e = errno;
This appears to be a setuid call that would only work when transitioning away from root.
I may be misunderstanding the problem, but it seems the original poster had a problem when they transitioned *to* root, so the above code doesn't seem to make sense as being the soul source of problems.
Is there something that clears the groups upon a transition to root?
Would the above code ever be executed? As I understand it, we are talking about a SETUID program. Aren't privilege transitions handled in the kernel? It seems odd to have such code in a user-level program like a shell.
To be clear, and I have tested this, I am not loosing my group memberships when I start the suid pgm or during its execution. They are simply not being passed to an exec'd external entity. In the main program, not the example I provided, I fork/exec/wait. The main process still has my group memberships after that. They just don't make it into the exec'd pgm/script. Mark Regards Mark -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org