| author | Anna (navi) Figueiredo Gomes <navi@vlhl.dev> | 2025-11-19 19:20:54 +0100 |
|---|---|---|
| committer | Anna (navi) Figueiredo Gomes <navi@vlhl.dev> | 2025-11-19 19:39:47 +0100 |
| commit | 500a52218dc71386ed2771b5889d4890cec3228f (patch) | |
| tree | c6a8f39c5dc4c429a6dca2e9b0eeba8c423c2de4 /src/start-stop-daemon/start-stop-daemon.c | |
| parent | 6e6afa1b5056cc8ae7e40c4a3f58bb6868eda821 (diff) | |
*-daemon: always call setgroups, defaulting to count = 0origin/setgroups-zero
services started by init don't get any supplementary groups, but anything
started from a shell would inherit the groups, causing inconsistent
behaviour
we can either clear all groups, or always initialize root's groups. since
other init systems do not initialize anything, including us at boot,
let's just always clear them unconditionally
Diffstat (limited to 'src/start-stop-daemon/start-stop-daemon.c')
| -rw-r--r-- | src/start-stop-daemon/start-stop-daemon.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/src/start-stop-daemon/start-stop-daemon.c b/src/start-stop-daemon/start-stop-daemon.c
index fdcd9032..54d74355 100644
--- a/src/start-stop-daemon/start-stop-daemon.c
+++ b/src/start-stop-daemon/start-stop-daemon.c
@@ -892,7 +892,7 @@ int main(int argc, char **argv)
 /* Child process - lets go! */
 if (pid == 0) {
 gid_t group_buf[32], *group_list = group_buf;
- int group_count = ARRAY_SIZE(group_buf);
+ int group_count = 0;
 pid_t mypid = getpid();
 close(pipefd[0]); /* Close the read end of the pipe. */
 umask(numask);
@@ -950,10 +950,13 @@ int main(int argc, char **argv)
 applet, pam_strerror(pamh, pamr));
 }
 #endif
- if (changeuser && getgrouplist(changeuser, gid, group_list, &group_count) < 0) {
- group_list = xmalloc(group_count * sizeof(*group_list));
- if (getgrouplist(changeuser, gid, group_list, &group_count) < 0)
- eerrorx("%s: getgrouplist(%s, %"PRIuMAX")", applet, changeuser, (uintmax_t)gid);
+ if (changeuser) {
+ group_count = ARRAY_SIZE(group_buf);
+ if (getgrouplist(changeuser, gid, group_list, &group_count) < 0) {
+ group_list = xmalloc(group_count * sizeof(*group_list));
+ if (getgrouplist(changeuser, gid, group_list, &group_count) < 0)
+ eerrorx("%s: getgrouplist(%s, %"PRIuMAX")", applet, changeuser, (uintmax_t)gid);
+ }
 }
 /* Close any fd's to the passwd database */
@@ -980,7 +983,7 @@ int main(int argc, char **argv)
 if (gid && setgid(gid))
 eerrorx("%s: unable to set groupid to %"PRIuMAX, applet, (uintmax_t)gid);
- if (changeuser && setgroups(group_count, group_list))
+ if (setgroups(group_count, group_list))
 eerrorx("%s: setgroups() failed", applet);
 if (group_list != group_buf)
 free(group_list);
|
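Review bot: In the second hunk `group_count` now does double duty, as the capacity passed into getgrouplist() and as the count later handed to setgroups(), and nothing in the block says that leaving it at 0 when `changeuser` is unset is what drops the inherited supplementary groups. A comment above `if (changeuser) {` would protect that invariant from a later refactor, for example `/* group_count stays 0 without changeuser: setgroups() below then clears all supplementary groups */`. The retry branch sizes its allocation from whatever getgrouplist() wrote back, so an `if (group_count <= 0)` guard before `xmalloc` would make that assumption explicit; how the count is reported on failure is libc behaviour not visible here. The enclosing main() starts and ends outside the hunk.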
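Review bot: The third hunk makes `setgroups(group_count, group_list)` unconditional while its failure stays fatal through eerrorx(), so any invocation that lacks the privilege to change groups now aborts even when no user change was requested; before this change a caller without `changeuser` never reached the call. If start-stop-daemon is expected to run that way (as a regular user, or in a user namespace where setgroups is denied, which cannot be determined from this page), that case needs an explicit decision rather than a generic failure. At minimum the message should carry the reason, e.g. `eerrorx("%s: setgroups() failed: %s", applet, strerror(errno));`. The call's position after setgid() is visible here; the uid change it has to precede lies outside the hunk, as does the rest of main().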
