unix: call setgoups before calling setuid/setgid

Backported from v1.x (66ab389) PR-URL: https://github.com/libuv/libuv/pull/215 Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
2014-02-10 17:41:51 +01:00 · 2014-02-10 17:41:51 +01:00 · 2773e1181d
commit 2773e1181d
parent 22725f2433
1 changed files with 15 additions and 0 deletions
--- a/src/unix/process.c
+++ b/src/unix/process.c
@ -40,6 +40,10 @@
 extern char **environ;
 #endif

+#ifdef __linux__
+# include <grp.h>
+#endif
+

 static ngx_queue_t* uv__process_queue(uv_loop_t* loop, int pid) {
  assert(pid > 0);
@ -331,6 +335,17 @@ static void uv__process_child_init(uv_process_options_t options,
    _exit(127);
  }

+  if (options.flags & (UV_PROCESS_SETUID | UV_PROCESS_SETGID)) {
+    /* When dropping privileges from root, the `setgroups` call will
+     * remove any extraneous groups. If we don't call this, then
+     * even though our uid has dropped, we may still have groups
+     * that enable us to do super-user things. This will fail if we
+     * aren't root, so don't bother checking the return value, this
+     * is just done as an optimistic privilege dropping function.
+     */
+    SAVE_ERRNO(setgroups(0, NULL));
+  }
+
  if ((options.flags & UV_PROCESS_SETGID) && setgid(options.gid)) {
    uv__write_int(error_fd, errno);
    _exit(127);