This is the patch targetted at trunk. Note that I already pushed two commits which fix the tests to run properly under suid_dumpable == 2; when I first noticed that the signal_crashes.test_crash_setuid_{keep,drop}() tests started failing after the systemd move I made a bogus change to the tests (r2955):
The attached patch contains tests, NEWS entry, and detailled explanations in the commit log. I realize it's relatively intrusive, but properly running this with much more restrictive privileges required some special-cases. It shows that drop_privileges() was written in 2006 already, waay before suid_dumpable even existed, so handling uid != euid wasn't an issue back then. Sins of the past... :-(
Next step I'll look into providing backports for all supported releases.
This is the patch targetted at trunk. Note that I already pushed two commits which fix the tests to run properly under suid_dumpable == 2; when I first noticed that the signal_ crashes. test_crash_ setuid_ {keep,drop} () tests started failing after the systemd move I made a bogus change to the tests (r2955):
http:// bazaar. launchpad. net/~apport- hackers/ apport/ trunk/revision/ 2954 bazaar. launchpad. net/~apport- hackers/ apport/ trunk/revision/ 2955
http://
The attached patch contains tests, NEWS entry, and detailled explanations in the commit log. I realize it's relatively intrusive, but properly running this with much more restrictive privileges required some special-cases. It shows that drop_privileges() was written in 2006 already, waay before suid_dumpable even existed, so handling uid != euid wasn't an issue back then. Sins of the past... :-(
Next step I'll look into providing backports for all supported releases.