diff options
author | Markos Chandras <mchandras@suse.de> | 2016-05-18 09:36:16 +0100 |
---|---|---|
committer | Pavel Šimerda <pavlix@pavlix.net> | 2016-08-23 12:24:16 +0200 |
commit | 911cb11a8108f35b732d3affd4df33eacb1429f5 (patch) | |
tree | c0c8cdf2604a619f50b3f45abb6dbdaface06596 | |
parent | d141cb6e4ee3388f0508afa0f6368aaa1236778c (diff) | |
download | iputils-911cb11a8108f35b732d3affd4df33eacb1429f5.tar.gz |
tftpd: Drop supplementary groups for root
Before dropping our root privileges, we need to make sure that root
does not belong to any other group. That's because setgid() will change
the gid but it will leave the supplementary groups unchanged so we may
still be able to do privilege operations. Use setgroups() before set{u,g}id
to ensure that root does not have any unexpected priviledges.
Link: https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
Signed-off-by: Markos Chandras <mchandras@suse.de>
-rw-r--r-- | tftpd.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -54,6 +54,7 @@ #include <ctype.h> #include <string.h> #include <stdlib.h> +#include <grp.h> #include "tftp.h" @@ -101,6 +102,8 @@ int main(int ac, char **av) /* Sanity. If parent forgot to setuid() on us. */ if (geteuid() == 0) { + /* Drop all supplementary groups. No error checking is needed */ + setgroups(0, NULL); if (setgid(65534) || setuid(65534)) { syslog(LOG_ERR, "set*id failed: %m\n"); exit(1); |