Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:wrosenauer
sslh
missing-call-to-setgroups-before-setuid.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File missing-call-to-setgroups-before-setuid.patch of Package sslh
Index: sslh-v1.16/common.c =================================================================== --- sslh-v1.16.orig/common.c +++ sslh-v1.16/common.c @@ -577,6 +577,14 @@ void drop_privileges(const char* user_na set_keepcaps(1); + /* When dropping privileges from root, the `setgroups` call will + * remove any extraneous groups. If we don't call this, then + * even though our uid has dropped, we may still have groups + * that enable us to do super-user things. This will fail if we + * aren't root, so don't bother checking the return value, this + * is just done as an optimistic privilege dropping function. + */ + setgroups(0, NULL); res = setgid(pw->pw_gid); CHECK_RES_DIE(res, "setgid"); res = setuid(pw->pw_uid);
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor