Here is the code from postfix, just as an example ;)
/*
* Look up the uid/gid before entering the jail, and save them
so they
* can't be clobbered. Set up the primary and secondary groups.
*/
if (user_name != 0) {
if ((pwd = getpwnam(user_name)) == 0)
msg_fatal("unknown user: %s", user_name);
uid = pwd->pw_uid;
gid = pwd->pw_gid;
if (setgid(gid) < 0)
msg_fatal("setgid(%ld): %m", (long) gid);
if (initgroups(user_name, gid) < 0)
msg_fatal("initgroups: %m");
}
/*
* Enter the jail.
*/
if (root_dir) {
if (chroot(root_dir))
msg_fatal("chroot(%s): %m", root_dir);
if (chdir("/"))
msg_fatal("chdir(/): %m");
}
/*
* Drop the user privileges.
*/
if (user_name != 0)
if (setuid(uid) < 0)
msg_fatal("setuid(%ld): %m", (long) uid);
On Aug 15, 2007, at 4:10 PM, Guy Harris wrote:
setuid() *should*, at least according to the Single UNIX
Specification,
set the real, effective, and set-user ID if the process is running
with
appropriate privileges. The same applies, *mutatis mutandis*, to
setgid().
In Mac OS X 10.4 and later, a process can, in effect, belong to a
bigger
group set than just the group set that fits in the credentials (checks
whether a process's group set includes a given group are done by
sending
a message to memberd). As I remember, the right way to change the
group
set of a process is to call initgroups(), passing it the user name of
the user whose group set you want the process to pick up and that
user's
primary group ID. initgroups() is a BSDism, and has been picked up by
other OSes, so it's not OS X-only; we should probably use it if
available.
Should the group set be changed *before* setting the effective user
ID?
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
Regards,
Sebastien Tandel
_______________________________________________
Wireshark-dev mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-dev
