Hello,

----- Original Message -----
> On Mon, Jan 14, 2013 at 10:16 AM, Miloslav Trmac <mitr@xxxxxxxxxx>
> wrote:
> > (On second thought, if the program is setuid, the setuid execution
> > mechanism doesn't change supplementary groups, so perhaps the call
> > isn't strictly necessary; Still, initializing the groups makes the
> > environment more deterministic. And as long as initgroups() is
> > called, it should be called in a way that works.)
>
> I'm fine with/would prefer dropping the initgroups entirely (That the
> initgroups man page, at least on my system, specifically talks about
> reading them from /etc/group, never mentioning nss worries me). If
> that's okay with you, otherwise I can move it to the beginning of
> dropping privileges.

Sorry about the late reply; after discussing it with colleagues, it seems that dropping the initgroups() is completely safe here.

   Mirek
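A privilege drop without initgroups(), as discussed in the message above, written as an added example that is not util-linux code and not from either participant. It assumes a set-user-ID-root program dropping to its real IDs; `drop_to_real_ids` and `MAX_GROUPS` are hypothetical names. It also checks that the supplementary group list is identical before and after the drop.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_GROUPS 256 /* assumed upper bound for this sketch */

/* Hypothetical helper: permanently drop to the real UID/GID without
 * touching supplementary groups. Returns 0 on success, -1 on failure. */
int drop_to_real_ids(void)
{
    gid_t before[MAX_GROUPS], after[MAX_GROUPS];
    uid_t ruid = getuid();
    gid_t rgid = getgid();
    int nb, na;

    nb = getgroups(MAX_GROUPS, before);
    if (nb < 0)
        return -1;

    /* Group ID first: once setuid() has given up root, setgid() to an
     * arbitrary group is no longer permitted. Any initgroups() or
     * setgroups() call would also have to come before this point. */
    if (setgid(rgid) != 0)
        return -1;
    if (setuid(ruid) != 0)
        return -1;

    /* Verify the drop instead of trusting the return codes alone. */
    if (geteuid() != ruid || getegid() != rgid)
        return -1;
    if (ruid != 0 && setuid(0) == 0)
        return -1; /* root could be regained: the drop was not permanent */

    /* The supplementary groups must be exactly what the caller had. */
    na = getgroups(MAX_GROUPS, after);
    if (na != nb || memcmp(before, after, (size_t)nb * sizeof(gid_t)) != 0)
        return -1;
    return 0;
}

int main(void)
{
    if (drop_to_real_ids() != 0) {
        fprintf(stderr, "privilege drop failed\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)geteuid(), (int)getegid());
    return 0;
}
```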