In relinquish_special_privs_perm(), only relinquish special privileges

if we were given them; doing so when we weren't seems to change the apparent group set in OS X 10.5 (and possibly 10.4 - the group set manipulated by getgroups()/setgroups() isn't the full group set, and changing your UID might cause the credential identity resolver daemon not to give you your full group set). svn path=/trunk/; revision=23234
2007-10-20 03:45:47 +00:00 · 2007-10-20 03:45:47 +00:00 · c21209b031
parent 0ea7d1372f
commit c21209b031
1 changed files with 18 additions and 8 deletions
--- a/epan/privileges.c
+++ b/epan/privileges.c
@ -218,21 +218,31 @@ running_with_special_privs(void)
 void
 relinquish_special_privs_perm(void)
 {
-	/* If we're running setuid, switch to the calling user */
+	/*
+	 * If we were started with special privileges, set the
+	 * real and effective group and user IDs to the original
+	 * values of the real and effective group and user IDs.
+	 * If we're not, don't bother - doing so seems to mung
+	 * our group set, at least in OS X 10.5.
+	 *
+	 * (Set the effective UID last - that takes away our
+	 * rights to set anything else.)
+	 */
+	if (started_with_special_privs()) {
 #ifdef HAVE_SETRESGID
-	setresgid(rgid, rgid, rgid);
+		setresgid(rgid, rgid, rgid);
 #else
-	setgid(rgid);
-	setegid(rgid);
+		setgid(rgid);
+		setegid(rgid);
 #endif

 #ifdef HAVE_SETRESUID
-	setresuid(ruid, ruid, ruid);
+		setresuid(ruid, ruid, ruid);
 #else
-	setuid(ruid);
-	seteuid(ruid);
+		setuid(ruid);
+		seteuid(ruid);
 #endif
-
+	}
 }

 /*