In relinquish_special_privs_perm(), only relinquish special privileges
if we were given them; doing so when we weren't seems to change the apparent group set in OS X 10.5 (and possibly 10.4 - the group set manipulated by getgroups()/setgroups() isn't the full group set, and changing your UID might cause the credential identity resolver daemon not to give you your full group set). svn path=/trunk/; revision=23234
This commit is contained in:
parent
0ea7d1372f
commit
c21209b031
|
@ -218,21 +218,31 @@ running_with_special_privs(void)
|
|||
void
|
||||
relinquish_special_privs_perm(void)
|
||||
{
|
||||
/* If we're running setuid, switch to the calling user */
|
||||
/*
|
||||
* If we were started with special privileges, set the
|
||||
* real and effective group and user IDs to the original
|
||||
* values of the real and effective group and user IDs.
|
||||
* If we're not, don't bother - doing so seems to mung
|
||||
* our group set, at least in OS X 10.5.
|
||||
*
|
||||
* (Set the effective UID last - that takes away our
|
||||
* rights to set anything else.)
|
||||
*/
|
||||
if (started_with_special_privs()) {
|
||||
#ifdef HAVE_SETRESGID
|
||||
setresgid(rgid, rgid, rgid);
|
||||
setresgid(rgid, rgid, rgid);
|
||||
#else
|
||||
setgid(rgid);
|
||||
setegid(rgid);
|
||||
setgid(rgid);
|
||||
setegid(rgid);
|
||||
#endif
|
||||
|
||||
#ifdef HAVE_SETRESUID
|
||||
setresuid(ruid, ruid, ruid);
|
||||
setresuid(ruid, ruid, ruid);
|
||||
#else
|
||||
setuid(ruid);
|
||||
seteuid(ruid);
|
||||
setuid(ruid);
|
||||
seteuid(ruid);
|
||||
#endif
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
|
Loading…
Reference in New Issue