I noted that the new version does this:
+ if (uid && setuid (uid) < 0) { raise_system (); error_abort (fds[1], JOB_PROCESS_ ERROR_SETUID, 0); raise_system (); error_abort (fds[1], JOB_PROCESS_ ERROR_SETGID, 0);
+ nih_error_
+ job_process_
+ }
+
+ if (pw->pw_gid && setgid (pw->pw_gid) < 0) {
+ nih_error_
+ job_process_
+ }
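Review bot: the setuid (uid) block runs before the setgid (pw->pw_gid) block, so for any non-zero uid the group change is attempted after root has already been given up, and setgid() will return EPERM unless pw_gid is already the process's own group. Move the setgid (pw->pw_gid) block above the setuid (uid) block so the group is changed while the process is still privileged. The failure path visible here is error_abort, so the current order fails closed (the job does not start) rather than running with the wrong group, but it will refuse jobs that should be allowed to run.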
Does that actually work that way around? After setuid() you usually lose the privilege of changing between arbitrary groups (CAP_SETGID). I suppose it actually works if you switch to the user's primary group, but I've seen it fail in the past in daemons changing to a system user. The usual approach is to change the group first, then the user. But the result here would be an abort of the job, which is safe, so I don't object to the change with my release hat on because of this.
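The group-first ordering described in the comment above, next to the order from the quoted hunk, as an added example that is not part of the original comment or the project's code. The function names and the uid/gid 65534 used in main() are assumptions made for the illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Group first, then user. Returns 0 on success, -1 with errno set. */
int drop_privileges(uid_t uid, gid_t gid)
{
    /* Root dropping to another user: replace the inherited supplementary
     * groups while the privilege to do so is still held. */
    if (geteuid() == 0 && uid != 0 && setgroups(1, &gid) < 0)
        return -1;
    if (setgid(gid) < 0)   /* needs privilege unless gid is already ours */
        return -1;
    if (setuid(uid) < 0)   /* the irreversible step goes last */
        return -1;
    /* Verify the result, including that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid || getgid() != gid ||
        getegid() != gid || (uid != 0 && setuid(0) == 0)) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

/* The order used in the quoted hunk, kept only for comparison. */
int drop_user_then_group(uid_t uid, gid_t gid)
{
    if (uid && setuid(uid) < 0)
        return -1;
    if (gid && setgid(gid) < 0)   /* EPERM once root is gone */
        return -1;
    return 0;
}

int main(void)
{
    uid_t uid = 65534; gid_t gid = 65534;   /* constructed: often "nobody" */
    if (geteuid() != 0) { uid = getuid(); gid = getgid(); }
    pid_t pid = fork();                     /* try the hunk's order in a child */
    if (pid < 0) return 1;
    if (pid == 0) _exit(drop_user_then_group(uid, gid) == 0 ? 0 : errno);
    int st = 0; waitpid(pid, &st, 0);
    printf("user then group: %s\n", WEXITSTATUS(st) ? strerror(WEXITSTATUS(st)) : "ok");
    printf("group then user: %s\n", drop_privileges(uid, gid) == 0 ? "ok" : strerror(errno));
    return 0;
}
```

Run as root, the first line reports "Operation not permitted" and the second "ok"; run unprivileged, both orders are no-ops on the caller's own ids and both report "ok".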