summaryrefslogtreecommitdiff
path: root/src/libstddjb/prot_grps.c
diff options
context:
space:
mode:
authorLaurent Bercot <ska-skaware@skarnet.org>2017-07-16 16:52:08 +0000
committerLaurent Bercot <ska-skaware@skarnet.org>2017-07-16 16:52:08 +0000
commit8b000a20cc367c727b9f2c0d8e68372d0c9df995 (patch)
tree4b1fe6d66241ee4844a77f9dad61bf14a3bb97e2 /src/libstddjb/prot_grps.c
parent61c1f79bcace61c650edd09fc4424c2d08fbf79e (diff)
downloadskalibs-8b000a20cc367c727b9f2c0d8e68372d0c9df995.tar.xz
More secure setgroups functions. (thanks muh)
Diffstat (limited to 'src/libstddjb/prot_grps.c')
-rw-r--r--src/libstddjb/prot_grps.c14
1 files changed, 12 insertions, 2 deletions
diff --git a/src/libstddjb/prot_grps.c b/src/libstddjb/prot_grps.c
index cc4ba0d..c5ea35b 100644
--- a/src/libstddjb/prot_grps.c
+++ b/src/libstddjb/prot_grps.c
@@ -2,16 +2,26 @@
/* MT-unsafe */
-#include <skalibs/nonposix.h>
#include <unistd.h>
+#include <pwd.h>
#include <grp.h>
#include <limits.h>
+#include <errno.h>
#include <skalibs/setgroups.h>
#include <skalibs/djbunix.h>
int prot_grps (char const *name)
{
gid_t tab[NGROUPS_MAX] ;
+ struct passwd *pw ;
int n = prot_readgroups(name, tab, NGROUPS_MAX) ;
- return n < 0 ? -1 : setgroups(n, tab) ;
+ if (n < 0) return n ;
+ errno = 0 ;
+ pw = getpwnam(name) ;
+ if (!pw)
+ {
+ if (!errno) errno = ENOENT ;
+ return -1 ;
+ }
+ return setgroups_and_gid(pw->pw_gid, n, tab) ;
}