From ec9b8aed722484df3578cef7a9058aff2ed20852 Mon Sep 17 00:00:00 2001 Message-Id: From: Mark Wooding Date: Fri, 16 Mar 2012 01:17:31 +0000 Subject: [PATCH 1/1] Don't try to change gid unless we're privileged. Organization: Straylight/Edgeware From: Mark Wooding This affects both tripe(8) and tripectl(1). The options are still useful, since they determine the ownership of the administration socket. This is a result of a long-standing error by the author, who assumed that it was possible to setgid(2) to any existing supplementary group. --- client/tripectl.1.in | 4 +++- common/util.c | 4 +++- server/tripe.8.in | 8 ++++++-- 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/client/tripectl.1.in b/client/tripectl.1.in index d517f9bc..4c6777e1 100644 --- a/client/tripectl.1.in +++ b/client/tripectl.1.in @@ -200,7 +200,9 @@ and options. .TP .BI "\-G, \-\-setgid=" group -Set gid to that of +If the current effective uid is zero (i.e., the daemon was invoked as +.BR root ) +then set gid to that of .I group (either a group name or integer gid) after initialization. If a new .BR tripe (8) diff --git a/common/util.c b/common/util.c index 92b9853d..78358b31 100644 --- a/common/util.c +++ b/common/util.c @@ -137,7 +137,9 @@ gid_t u_getgroup(const char *name) void u_setugid(uid_t u, gid_t g) { - if (g != (gid_t)-1) { + uid_t cu = geteuid(); + + if (cu == 0 && g != (gid_t)-1) { if (setgid(g) || (getuid() == 0 && setgroups(1, &g))) { die(EXIT_FAILURE, "couldn't setgid to %u: %s", (unsigned)g, strerror(errno)); diff --git a/server/tripe.8.in b/server/tripe.8.in index 9721246f..14ee0ab7 100644 --- a/server/tripe.8.in +++ b/server/tripe.8.in 
@@ -223,9 +223,13 @@ option. The selected user (and group) will also be the owner of the administration socket. .TP .BI "\-G, \-\-setgid=" group -Set gid to that of +If the current effective uid is zero (i.e., the daemon was invoked as +.BR root ) +then set gid to that of .I group -(either a group name or integer gid) after initialization. +(either a group name or integer gid) after initialization. In any +event, arrange hat the administration socket be owned by the given +.IR group . .TP .BI "\-k, \-\-priv\-keyring=" file Reads the private key from -- [mdw]
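Review bot: In the client/tripectl.1.in hunk, the new parenthetical "(i.e., the daemon was invoked as root)" is copied from the tripe(8) wording, but tripectl(1) is the client, not the daemon; it should read "(i.e., tripectl was invoked as root)" so the man page does not describe a process that this command does not run. The commit message also says the option still matters because it determines the ownership of the administration socket, but the visible tripectl.1.in text only describes the conditional setgid; consider adding the same "In any event, arrange that the administration socket be owned by the given group" sentence here as was added to tripe.8.in, so the two pages document the same behaviour.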
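Review bot: In the common/util.c hunk, the outer test `cu == 0` uses geteuid() while the inner test `getuid() == 0` uses the real uid, so the two privilege checks disagree: a process with euid 0 but a non-zero real uid (a setuid-root binary run by an ordinary user) now passes the outer check and calls setgid(g), but skips setgroups(1, &g) and keeps its original supplementary groups. Either use geteuid() for both, or add a comment explaining why the supplementary-group reset is keyed on the real uid. A second point: when `cu != 0` a requested gid is now silently ignored; since the man pages say the option is still honoured for socket ownership, an explicit warning when `g != (gid_t)-1 && g != getegid()` (or at least a comment saying the silent skip is intentional) would make a misconfiguration visible.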
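Review bot: In the server/tripe.8.in hunk, "arrange hat the administration socket" should read "arrange that the administration socket". Because the new text promises the socket will be owned by the given group even when the daemon is not root, it is worth adding the POSIX caveat that an unprivileged process can only chown a file to a group it is a member of, so an unprivileged tripe invoked with a group outside its supplementary list will fail at that step rather than silently succeeding.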