author | Laurent Bercot <ska-skaware@skarnet.org> | 2017-07-16 16:52:08 +0000 |
---|---|---|
committer | Laurent Bercot <ska-skaware@skarnet.org> | 2017-07-16 16:52:08 +0000 |
commit | 8b000a20cc367c727b9f2c0d8e68372d0c9df995 (patch) | |
tree | 4b1fe6d66241ee4844a77f9dad61bf14a3bb97e2 /src/libstddjb/prot_grps.c | |
parent | 61c1f79bcace61c650edd09fc4424c2d08fbf79e (diff) | |
More secure setgroups functions. (thanks muh)
Diffstat (limited to 'src/libstddjb/prot_grps.c')
-rw-r--r-- | src/libstddjb/prot_grps.c | 14 |
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libstddjb/prot_grps.c b/src/libstddjb/prot_grps.c
index cc4ba0d..c5ea35b 100644
--- a/src/libstddjb/prot_grps.c
+++ b/src/libstddjb/prot_grps.c
@@ -2,16 +2,26 @@
 
 /* MT-unsafe */
 
-#include <skalibs/nonposix.h>
 #include <unistd.h>
+#include <pwd.h>
 #include <grp.h>
 #include <limits.h>
+#include <errno.h>
 #include <skalibs/setgroups.h>
 #include <skalibs/djbunix.h>
 
 int prot_grps (char const *name)
 {
 gid_t tab[NGROUPS_MAX] ;
+ struct passwd *pw ;
 int n = prot_readgroups(name, tab, NGROUPS_MAX) ;
- return n < 0 ? -1 : setgroups(n, tab) ;
+ if (n < 0) return n ;
+ errno = 0 ;
+ pw = getpwnam(name) ;
+ if (!pw)
+ {
+ if (!errno) errno = ENOENT ;
+ return -1 ;
+ }
+ return setgroups_and_gid(pw->pw_gid, n, tab) ;
 }
|
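Review bot: The first early return now reads `if (n < 0) return n ;`, so prot_grps passes through whatever negative value prot_readgroups produced instead of the fixed -1 the old ternary guaranteed. If any caller compares the result with -1 rather than testing `< 0`, a failed group lookup could go unnoticed on a privilege-dropping path, so `if (n < 0) return -1 ;` keeps the old contract. The function also gains a failure mode that nothing in the file documents: it now fails with ENOENT when `name` has no passwd entry, and it hands the account's primary gid to setgroups_and_gid, whose definition is outside this diff. A header comment such as `/* Applies name's supplementary groups and primary gid via setgroups_and_gid; returns -1 with errno set, ENOENT if name has no passwd entry. */` would make that visible to callers.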