Michael Meskes dixit:
>I did some more testing and it seems this simple patch fixes the issue:
I think you should still include a setgroups(0, NULL) call there.
Personally I’d prefer setres[ug]id() because that makes the intent
more explicit even when the effect is the same, but… I’ll let you
and the security team decide.
bye,
//mirabilos
--
“It is inappropriate to require that a time represented as
seconds since the Epoch precisely represent the number of
seconds between the referenced time and the Epoch.”
-- IEEE Std 1003.1b-1993 (POSIX) Section B.2.2.2
