From patchwork Mon Feb 15 22:13:58 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Hans de Goede X-Patchwork-Id: 8319761 Return-Path: X-Original-To: patchwork-linux-media@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.136]) by patchwork1.web.kernel.org (Postfix) with ESMTP id 037879F399 for ; Mon, 15 Feb 2016 22:14:14 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 3393320384 for ; Mon, 15 Feb 2016 22:14:13 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 5B0E62027D for ; Mon, 15 Feb 2016 22:14:12 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752914AbcBOWOF (ORCPT ); Mon, 15 Feb 2016 17:14:05 -0500 Received: from mx1.redhat.com ([209.132.183.28]:43592 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752002AbcBOWOE (ORCPT ); Mon, 15 Feb 2016 17:14:04 -0500 Received: from int-mx10.intmail.prod.int.phx2.redhat.com (int-mx10.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by mx1.redhat.com (Postfix) with ESMTPS id DBFA4C0BBE7C for ; Mon, 15 Feb 2016 22:14:03 +0000 (UTC) Received: from shalem.localdomain.com (vpn1-5-7.ams2.redhat.com [10.36.5.7]) by int-mx10.intmail.prod.int.phx2.redhat.com (8.14.4/8.14.4) with ESMTP id u1FME1Fj014927; Mon, 15 Feb 2016 17:14:02 -0500 From: Hans de Goede To: Linux Media Mailing List Cc: Hans de Goede Subject: [PATCH xawtv3] alevtd: Drop supplementary group IDs when dropping privileges Date: Mon, 15 Feb 2016 23:13:58 +0100 Message-Id: <1455574438-27640-1-git-send-email-hdegoede@redhat.com> X-Scanned-By: MIMEDefang 2.68 on 10.5.11.23 Sender: linux-media-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-media@vger.kernel.org X-Spam-Status: No, score=-6.9 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=unavailable version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Noticed by rpmlint, seek POS36-C on the web for details about the problem. Signed-off-by: Hans de Goede --- vbistuff/alevtd.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/vbistuff/alevtd.c b/vbistuff/alevtd.c index c6211d3..2df4886 100644 --- a/vbistuff/alevtd.c +++ b/vbistuff/alevtd.c @@ -168,8 +168,10 @@ fix_ug(void) } /* set group */ - if (getegid() != gr->gr_gid || getgid() != gr->gr_gid) + if (getegid() != gr->gr_gid || getgid() != gr->gr_gid) { + setgroups(0, NULL); setgid(gr->gr_gid); + } if (getegid() != gr->gr_gid || getgid() != gr->gr_gid) { xerror(LOG_ERR,"setgid failed",NULL); exit(1); @@ -177,8 +179,10 @@ fix_ug(void) strncpy(group,gr->gr_name,16); /* set user */ - if (geteuid() != pw->pw_uid || getuid() != pw->pw_uid) + if (geteuid() != pw->pw_uid || getuid() != pw->pw_uid) { + setgroups(0, NULL); setuid(pw->pw_uid); + } if (geteuid() != pw->pw_uid || getuid() != pw->pw_uid) { xerror(LOG_ERR,"setuid failed",NULL); exit(1);