From: Mark Wooding Date: Fri, 16 Mar 2012 01:17:31 +0000 (+0000) Subject: Don't try to change gid unless we're privileged. X-Git-Tag: 1.0.0pre11~31 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~mdw/git/tripe/commitdiff_plain/ec9b8aed722484df3578cef7a9058aff2ed20852 Don't try to change gid unless we're privileged. This affects both tripe(8) and tripectl(1). The options are still useful, since they determine the ownership of the administration socket. This is a result of a long-standing error by the author, who assumed that it was possible to setgid(2) to any existing supplementary group. --- diff --git a/client/tripectl.1.in b/client/tripectl.1.in index d517f9bc..4c6777e1 100644 --- a/client/tripectl.1.in +++ b/client/tripectl.1.in @@ -200,7 +200,9 @@ and options. .TP .BI "\-G, \-\-setgid=" group -Set gid to that of +If the current effective uid is zero (i.e., the daemon was invoked as +.BR root ) +then set gid to that of .I group (either a group name or integer gid) after initialization. If a new .BR tripe (8) diff --git a/common/util.c b/common/util.c index 92b9853d..78358b31 100644 --- a/common/util.c +++ b/common/util.c @@ -137,7 +137,9 @@ gid_t u_getgroup(const char *name) void u_setugid(uid_t u, gid_t g) { - if (g != (gid_t)-1) { + uid_t cu = geteuid(); + + if (cu == 0 && g != (gid_t)-1) { if (setgid(g) || (getuid() == 0 && setgroups(1, &g))) { die(EXIT_FAILURE, "couldn't setgid to %u: %s", (unsigned)g, strerror(errno)); diff --git a/server/tripe.8.in b/server/tripe.8.in index 9721246f..14ee0ab7 100644 --- a/server/tripe.8.in +++ b/server/tripe.8.in 
@@ -223,9 +223,13 @@ option. The selected user (and group) will also be the owner of the administration socket. .TP .BI "\-G, \-\-setgid=" group -Set gid to that of +If the current effective uid is zero (i.e., the daemon was invoked as +.BR root ) +then set gid to that of .I group -(either a group name or integer gid) after initialization. +(either a group name or integer gid) after initialization. In any +event, arrange hat the administration socket be owned by the given +.IR group . .TP .BI "\-k, \-\-priv\-keyring=" file Reads the private key from
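Review bot: In the client/tripectl.1.in hunk, the new wording for \-G covers only the case where the effective uid is zero, and the visible lines do not say what the option does for an unprivileged caller. The commit message states that the option still determines the ownership of the administration socket. Unless the text continuing after "If a new tripe(8)" already says so, add a sentence to that effect here, as the server/tripe.8.in hunk does with "In any event, arrange ...".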
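Review bot: In u_setugid() in common/util.c, the new outer test uses the effective uid ("cu == 0") while the retained inner test guarding setgroups() still uses the real uid ("getuid() == 0"). When the two differ (effective uid 0, real uid nonzero), setgid(g) runs but setgroups(1, &g) is skipped, so the process keeps whatever supplementary groups it started with. Suggest testing cu in both places, or dropping the inner test now that the outer one already establishes privilege. Separately, when cu is nonzero a requested gid change is now skipped without any diagnostic; a warning at that point would let the operator see that the requested group was not applied to the process.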
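Review bot: Typo in the added text of the server/tripe.8.in hunk: "arrange hat the administration socket be owned" should read "arrange that the administration socket be owned". The parenthetical "i.e., the daemon was invoked as root" is also slightly narrower than the code, which tests geteuid(); "running with effective uid zero" would match the check in common/util.c exactly.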