On 02/03/2016 04:52 PM, David Howells wrote: > Clear the supplementary groups list when daemonising the process. > > This fixes the following issue raised by rpmlint: > > cachefilesd.x86_64: E: missing-call-to-setgroups-before-setuid /usr/sbin/cachefilesd > > Signed-off-by: David Howells <dhowells@xxxxxxxxxx> > --- > > cachefilesd.c | 6 ++++++ > 1 file changed, 6 insertions(+) > > diff --git a/cachefilesd.c b/cachefilesd.c > index 8cf9179..94c3bf8 100644 > --- a/cachefilesd.c > +++ b/cachefilesd.c > @@ -47,6 +47,7 @@ > #include <time.h> > #include <poll.h> > #include <limits.h> > +#include <grp.h> > #include <sys/inotify.h> > #include <sys/time.h> > #include <sys/vfs.h> > @@ -120,6 +121,8 @@ static unsigned long long brun, bcull, bstop, frun, fcull, fstop; > static unsigned long long b_resume_threshold = ULLONG_MAX; > static unsigned long long f_resume_threshold = 5; > > +static const gid_t group_list[0]; > + > #define cachefd 3 > > static __attribute__((noreturn)) > @@ -350,6 +353,9 @@ int main(int argc, char *argv[]) > oserror("Unable to get max open files"); > > /* become owned by root */ > + if (setgroups(sizeof(group_list) / sizeof(gid_t), group_list) < 0) > + oserror("Unable to clear the supplementary groups"); > + > if (setresuid(0, 0, 0) < 0) > oserror("Unable to set UID to 0"); > > > -- > Linux-cachefs mailing list > Linux-cachefs@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/linux-cachefs > Looks sane to me as long as the packaging is always done via a compiler that's happy to accept an array of size 0. Reviewed-by: John Snow <jsnow@xxxxxxxxxx> -- Linux-cachefs mailing list Linux-cachefs@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/linux-cachefs
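Review bot: `static const gid_t group_list[0];` in the second cachefilesd.c hunk (the one at -120,6 +121,8) declares a zero-length array, which ISO C does not permit and which builds only where the compiler accepts it as an extension. This is the same dependency the reviewer's reply points out. The array exists only to pass an empty list, so it can be dropped and the call written as `setgroups(0, NULL)`, which clears the supplementary groups without the array or the `sizeof(group_list) / sizeof(gid_t)` expression.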
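Review bot: in the main() hunk (-350,6 +353,9) the new setgroups() call is inserted directly under the existing `/* become owned by root */` comment, so that comment now heads the group-list clearing instead of the `setresuid(0, 0, 0)` it was written for. Give the setgroups() block its own short comment saying it drops the supplementary groups, and keep the original comment immediately above setresuid(). The placement of setgroups() ahead of the UID change matches the rpmlint check name, missing-call-to-setgroups-before-setuid, and should stay in that order.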