diff options
| author | Mateusz Moscicki <m.moscicki2@partner.samsung.com> | 2019-11-18 09:24:40 +0100 |
|---|---|---|
| committer | Mateusz Moscicki <m.moscicki2@partner.samsung.com> | 2019-11-21 12:57:10 +0100 |
| commit | faf2ad14643c87d24ad368e41550db8d7cb38fe9 (patch) | |
| tree | fe4b9b8491daa9f9a0c38dde1bf41635c34fa110 | |
| parent | c38cf62a26cefb71f83d07b465ab68cad8d6de89 (diff) | |
| download | crash-worker-faf2ad14643c87d24ad368e41550db8d7cb38fe9.tar.gz crash-worker-faf2ad14643c87d24ad368e41550db8d7cb38fe9.tar.bz2 crash-worker-faf2ad14643c87d24ad368e41550db8d7cb38fe9.zip | |
Set supplementary groups for the crash-manager process
Change-Id: I8283c0ca4605d6e882836e4a02079c65dd1ad30c
| -rw-r--r-- | src/crash-manager/main.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/crash-manager/main.c b/src/crash-manager/main.c index ed7c9af..0b34d3b 100644 --- a/src/crash-manager/main.c +++ b/src/crash-manager/main.c @@ -1,4 +1,5 @@ #include <getopt.h> +#include <grp.h> #include <pwd.h> #include <stdio.h> #include <stdlib.h> @@ -170,6 +171,35 @@ exit: return res; } +static bool set_groups(const char *user_name, const gid_t gid) +{ + int ngroup = 0; + errno = 0; + int ret = getgrouplist(user_name, gid, NULL, &ngroup); + if (ret != -1) { + _E("getgrouplist() unexpected return value: %d", ret); + return false; + } else if (errno != 0) { + _E("getgrouplist() unexcepted failure: %m"); + return false; + } + + gid_t groups[ngroup]; + ret = getgrouplist(user_name, gid, groups, &ngroup); + if (ret == -1) { + _E("getgrouplist() error"); + return false; + } + + ret = setgroups(ngroup, groups); + if (ret != 0) { + _E("setgroups() error: %m\n"); + return false; + } + + return true; +} + static bool drop_privileges(const char *user_name) { struct passwd *user_info = getpwnam(user_name); @@ -190,6 +220,9 @@ static bool drop_privileges(const char *user_name) return false; } + if (!set_groups(user_name, user_info->pw_gid)) + return false; + if (setuid(user_info->pw_uid) == -1) { _E("setuid() error: %m\n"); return false; |