Comment 3 for bug 1452239

Martin Pitt (pitti) wrote :

This is the patch targetted at trunk. Note that I already pushed two commits which fix the tests to run properly under suid_dumpable == 2; when I first noticed that the signal_crashes.test_crash_setuid_{keep,drop}() tests started failing after the systemd move I made a bogus change to the tests (r2955):

The attached patch contains tests, NEWS entry, and detailled explanations in the commit log. I realize it's relatively intrusive, but properly running this with much more restrictive privileges required some special-cases. It shows that drop_privileges() was written in 2006 already, waay before suid_dumpable even existed, so handling uid != euid wasn't an issue back then. Sins of the past... :-(

Next step I'll look into providing backports for all supported releases.