On 03/08/2012 09:37 AM, Steve Dickson wrote: > Drop out of the 'root' group to ensure the process does > not have any access to writable or readable files > to that group. > > Signed-off-by: Steve Dickson <steved@xxxxxxxxxx> Committed.... steved. > --- > src/rpcbind.c | 4 ++++ > 1 files changed, 4 insertions(+), 0 deletions(-) > > diff --git a/src/rpcbind.c b/src/rpcbind.c > index 24e069b..9a0504d 100644 > --- a/src/rpcbind.c > +++ b/src/rpcbind.c > @@ -236,6 +236,10 @@ main(int argc, char *argv[]) > syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid); > exit(1); > } > + if (setgroups(0, NULL) == -1) { > + syslog(LOG_ERR, "dropping supplemental groups failed: %m"); > + exit(1); > + } > if (setuid(p->pw_uid) == -1) { > syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid); > exit(1);
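Review bot: the new setgroups(0, NULL) call in main() arrives with no added #include. The diffstat shows only these 4 insertions, so please confirm src/rpcbind.c already pulls in <grp.h>, where glibc declares setgroups(). Otherwise the call compiles against an implicit declaration. The placement between setgid() and setuid() is the right one, because clearing the supplementary group list needs privilege that the process gives up at setuid(). A one-line comment above the block saying it must stay ahead of setuid() would keep a later reorder from silently turning this into a startup failure. Two smaller points: the new syslog message omits the '%s' user name that the neighbouring setgid and setuid messages include, and the commit message speaks of the 'root' group while the call clears every supplementary group, which is worth stating in the log text.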