On Sat, Jul 9, 2011 at 10:22 AM, Stefan Hajnoczi
<email address hidden> wrote:
> Andrew Griffiths reports that -runas does not set supplementary group
> IDs. This means that gid 0 (root) is not dropped when switching to an
> unprivileged user.
>
> Add an initgroups(3) call to use the -runas user's /etc/groups
> membership to update the supplementary group IDs.
>
> Signed-off-by: Stefan Hajnoczi <email address hidden>
> ---
> Note this needs compile testing on various POSIX host platforms. Tested on
> Linux. Should work on BSD and Solaris. initgroups(3) is SVr4/BSD but not in
> POSIX.
>
> os-posix.c | 6 ++++++
> 1 files changed, 6 insertions(+), 0 deletions(-)
Are you happy with this patch? Bumping because security-related.
Regarding portability, Linux, BSD, Solaris, and Mac OS X all provide
initgroups(3). I think we're good.
On Sat, Jul 9, 2011 at 10:22 AM, Stefan Hajnoczi
<email address hidden> wrote:
> Andrew Griffiths reports that -runas does not set supplementary group
> IDs. This means that gid 0 (root) is not dropped when switching to an
> unprivileged user.
>
> Add an initgroups(3) call to use the -runas user's /etc/groups
> membership to update the supplementary group IDs.
>
> Signed-off-by: Stefan Hajnoczi <email address hidden>
> ---
> Note this needs compile testing on various POSIX host platforms. Tested on
> Linux. Should work on BSD and Solaris. initgroups(3) is SVr4/BSD but not in
> POSIX.
>
> os-posix.c | 6 ++++++
> 1 files changed, 6 insertions(+), 0 deletions(-)
Are you happy with this patch? Bumping because security-related.
Regarding portability, Linux, BSD, Solaris, and Mac OS X all provide
initgroups(3). I think we're good.
Stefan