This is an automated email from the git hooks/post-receive script.

guillem pushed a commit to branch main
in repository dpkg.

View the commit online:
https://git.dpkg.org/cgit/dpkg/dpkg.git/commit/?id=12965e4f0a02375028f5d85095f64b99aecb6b60

commit 12965e4f0a02375028f5d85095f64b99aecb6b60
Author: Christian Göttsche <[email protected]>
AuthorDate: Tue Jul 5 00:40:05 2022 +0200

    dpkg: Avoid setgid(2) call if not needed
    
    If run as root, dpkg unconditionally calls setgid(0), for example if
    called as «dpkg --print-foreign-architectures» via lsb_release(1). On
    Linux this causes a POSIX capability check for CAP_SETGID, which for
    SELinux performs a permission check on the subject type. Allowing that
    access unnecessarily broadens the privileges of the subject, and ignoring
    (dontaudit'ing) might hide situations where CAP_SETGID is required
    (maybe within another program, but same SELinux type).
    
    This change makes the code only call setgid() if the current group ID
    is not 0 (=root). Since the condition also checks for the root user
    via getuid(), checking getegid() seems not to be necessary.
    
    Closes: #1014332
    Signed-off-by: Guillem Jover <[email protected]>
---
 src/main/main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/main/main.c b/src/main/main.c
index 6b43e3e15..9cba932aa 100644
--- a/src/main/main.c
+++ b/src/main/main.c
@@ -757,7 +757,7 @@ int main(int argc, const char *const *argv) {
 
   /* When running as root, make sure our primary group is also root, so
    * that files created by maintainer scripts have correct ownership. */
-  if (!in_force(FORCE_NON_ROOT) && getuid() == 0)
+  if (!in_force(FORCE_NON_ROOT) && getuid() == 0 && getgid() != 0)
     if (setgid(0) < 0)
       ohshite(_("cannot set primary group ID to root"));
 
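Review bot: The new `getgid() != 0` test in the changed condition looks only at the real group ID, while the comment above it states the goal as correct ownership of files created by maintainer scripts, and the group of newly created files follows the effective group ID. If dpkg is entered with real GID 0 but a non-zero effective GID, `setgid(0)` is now skipped and that goal is not met. Consider `(getgid() != 0 || getegid() != 0)`, or extend the comment to say why the effective GID does not need checking; the commit message touches on it ("seems not to be necessary") but the code does not. The comment could also record that the call is skipped to avoid a needless CAP_SETGID check, so the extra condition is not later dropped as redundant.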

-- 
Dpkg.Org's dpkg
