diff options
| author | Florian Westphal <fw@strlen.de> | 2013-08-27 00:19:31 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2013-08-27 00:19:31 +0200 |
| commit | e009ccbe66f67a4c5344d6a1f415c50b699765ad (patch) | |
| tree | 032f0911872788c332859993e0bc6f002f16bc47 /src | |
| parent | 46d43dc09c82e05762ec05585eed65ba953e6887 (diff) | |
| download | ngircd-e009ccbe66f67a4c5344d6a1f415c50b699765ad.tar.gz ngircd-e009ccbe66f67a4c5344d6a1f415c50b699765ad.zip | |
ngircd: discard supplementary group ids on startup
The intention was to switch to JUST uid:gid, but setgid is not sufficient. Reported-by: Michael Scherer <misc@zarb.org>
Diffstat (limited to 'src')
| -rw-r--r-- | src/ngircd/ngircd.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c index e075e0a7..4099719b 100644 --- a/src/ngircd/ngircd.c +++ b/src/ngircd/ngircd.c @@ -724,6 +724,11 @@ NGIRCd_Init(bool NGIRCd_NoDaemon) if (real_errno != EPERM) goto out; } + if (setgroups(0, NULL) != 0) { + Log(LOG_ERR, "Can't drop supplementary group ids: %s!", + strerror(errno)); + goto out; + } } #endif |