On 3/29/2017 3:08 PM, Nick Wyman wrote:
The setregid call simply returns -1.  What is odd is that the
wrapper is attempting to set the GID to the current value.

I don't have the Linux kernel source handy, but in the FreeBSD code if the calling process doesn't have the right credentials, looks like it'll bounce regardless of what you're trying to change. That is.... (slightly reformatted, and I may be wrong, too)

egid = uap->egid;
rgid = uap->rgid;
...
  if (
        (
         (rgid != (gid_t)-1 &&
          rgid != oldcred->cr_rgid &&
          rgid != oldcred->cr_svgid)
         ||
         (egid != (gid_t)-1 &&
          egid != oldcred->cr_groups[0] &&
          egid != oldcred->cr_rgid &&
          egid != oldcred->cr_svgid)
        )
        &&
        (error = priv_check_cred(oldcred, PRIV_CRED_SETREGID, 0)) != 0
    )
        goto fail;
(/usr/src/sys/kern/kern_prot.c on a 10.3 system)

Sort of sounds to me that either the calling process isn't actually the IDs it should be or that the kernel semantics changed.

Instead of using the wrapper itself, have you written a simple test program to play around with combinations of UID/GID? Might be faster just to try some variations and see what happens (and maybe try the same on a slightly older system).

Later,

z!
who really isn't a BSD kernel hacker
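
A sketch of the kind of test program suggested above, added here as an example (not code from the original post or from Mailman). It models the quoted FreeBSD condition in user space and compares it with what the running kernel returns for no-op setregid() calls; `cred_model`, `needs_privilege` and `try_setregid` are hypothetical names, and the saved GID is assumed equal to the effective GID.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

#define GID_KEEP ((gid_t)-1)   /* "leave unchanged" argument to setregid() */

/* Hypothetical stand-in for the credential fields the quoted check reads;
 * egid plays the role of cr_groups[0]. */
struct cred_model { gid_t rgid, egid, svgid; };

/* User-space model of the quoted condition: 1 if the request falls through
 * to priv_check_cred(), 0 if an unprivileged caller passes. */
int needs_privilege(const struct cred_model *c, gid_t rgid, gid_t egid)
{
    int r = rgid != GID_KEEP && rgid != c->rgid && rgid != c->svgid;
    int e = egid != GID_KEEP && egid != c->egid &&
            egid != c->rgid && egid != c->svgid;
    return r || e;
}

/* Ask the running kernel for one combination; returns 0 or the errno. */
int try_setregid(gid_t rgid, gid_t egid)
{
    return setregid(rgid, egid) == 0 ? 0 : errno;
}

int main(void)
{
    gid_t r = getgid(), e = getegid();
    /* Assumption: saved GID equals the effective GID at startup. */
    struct cred_model c = { r, e, e };
    /* Only no-op requests, so the process credentials never change. */
    gid_t combos[][2] = { {r, e}, {GID_KEEP, GID_KEEP},
                          {r, GID_KEEP}, {GID_KEEP, e} };

    printf("uid=%ld euid=%ld gid=%ld egid=%ld\n",
           (long)getuid(), (long)geteuid(), (long)r, (long)e);
    for (size_t i = 0; i < sizeof combos / sizeof combos[0]; i++) {
        int model = needs_privilege(&c, combos[i][0], combos[i][1]);
        int err = try_setregid(combos[i][0], combos[i][1]);
        printf("setregid(%ld, %ld): model=%s kernel=%s\n",
               (long)combos[i][0], (long)combos[i][1],
               model ? "needs privilege" : "allowed",
               err ? strerror(err) : "ok");
    }
    return 0;
}
```

A line where the model says "allowed" but the kernel reports an error points at something outside this check, such as the process not running with the IDs expected.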
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users