diff options
| author | Samuel Thibault <samuel.thibault@ens-lyon.org> | 2025-07-18 23:14:40 +0200 |
|---|---|---|
| committer | Aurelien Jarno <aurelien@aurel32.net> | 2025-08-06 11:56:44 +0200 |
| commit | c5476b7907d01207ede6bf57b26cef151b601f35 (patch) | |
| tree | 3c18a595b17788bfa177412dfb3f2bc0b56d293d | |
| parent | e5754399b542640f3f69c5e2513c57a307656032 (diff) | |
| download | glibc-release/2.42/master.zip glibc-release/2.42/master.tar.gz glibc-release/2.42/master.tar.bz2 | |
hurd: support: Fix running SGID testsrelease/2.42/master
Secure mode is enabled only if SGID actually provides a new privilege,
so we have to drop it before gaining it again.
Fixes commit 3a3fb2ed83f79100c116c824454095ecfb335ad7
("Fix error reporting (false negatives) in SGID tests")
(cherry picked from commit ad4589e2d834c80a042a8c354fb00cf33e06802c)
| -rw-r--r-- | support/support_capture_subprocess.c | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c index b4e4bf9..c89e65b 100644 --- a/support/support_capture_subprocess.c +++ b/support/support_capture_subprocess.c @@ -133,6 +133,27 @@ copy_and_spawn_sgid (const char *child_id, gid_t gid) if (chmod (execname, 02750) != 0) FAIL_UNSUPPORTED ("cannot make \"%s\" SGID: %m ", execname); + /* Now we can drop the privilege of that group. */ + const int count = 64; + gid_t groups[count]; + int ngroups = getgroups(count, groups); + + if (ngroups < 0) + FAIL_UNSUPPORTED ("Could not get group list again for user %jd\n", + (intmax_t) getuid ()); + + int n = 0; + for (int i = 0; i < ngroups; i++) + { + if (groups[i] != gid) + { + if (n != i) + groups[n] = groups[i]; + n++; + } + } + setgroups (n, groups); + /* We have the binary, now spawn the subprocess. Avoid using support_subprogram because we only want the program exit status, not the contents. */ |