> The first call to initgroups for user jobs looks fine, but the 2nd call for > system jobs (that specify setuid/setgid stanzas) has a few problems: > > (1) Shouldn't we only be calling this if we're root _and_ 'if (class->setuid > || class->setgid)' and then performing the password and group lookup for > job_setuid and job_setgid?
No, in the case where the root user is in additional groups, we need the initgroups call to populate the group list. > (2) The checks on pwd and grp for near the 2nd call to initgroups are not > currently legitimate - pwd and grp should be initialised to NULL to avoid > undefined behaviour. Oops, indeed, fixed. > (3) You don't need those two errno resets just before the 2nd call since the > code never explicitly checks errno there. Fixed. -- https://code.launchpad.net/~stgraber/upstart/upstart-initgroups/+merge/136794 Your team Upstart Reviewers is subscribed to branch lp:upstart. -- upstart-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/upstart-devel
