[gpsd/f20] drop also supplementary groups when dropping privileges
Miroslav Lichvar
mlichvar at fedoraproject.org
Fri Feb 14 13:16:49 UTC 2014
commit bf81127b8beb4b0e3e7d4ffb652f45d8b32b4d9e
Author: Miroslav Lichvar <mlichvar at redhat.com>
Date: Mon Nov 25 13:24:30 2013 +0100
drop also supplementary groups when dropping privileges
gpsd-setgroups.patch | 23 +++++++++++++++++++++++
gpsd.spec | 3 +++
2 files changed, 26 insertions(+), 0 deletions(-)
---
diff --git a/gpsd-setgroups.patch b/gpsd-setgroups.patch
new file mode 100644
index 0000000..0afb91c
--- /dev/null
+++ b/gpsd-setgroups.patch
@@ -0,0 +1,23 @@
+commit c3f7db262c8e2e615dae9c3db6f0385bddc48df2
+Author: Miroslav Lichvar <mlichvar at redhat.com>
+Date: Fri Nov 22 18:19:41 2013 +0100
+
+ Drop also supplementary groups when dropping privileges.
+
+ Signed-off-by: Eric S. Raymond <esr at thyrsus.com>
+
+diff --git a/gpsd.c b/gpsd.c
+index c77f684..76d1850 100644
+--- a/gpsd.c
++++ b/gpsd.c
+@@ -2059,6 +2059,10 @@ int main(int argc, char *argv[])
+ * of any compromises in the code. It requires that all GPS
+ * devices have their group read/write permissions set.
+ */
++ if (setgroups(0, NULL) != 0)
++ gpsd_report(context.debug, LOG_ERROR,
++ "setgroups() failed, errno %s\n",
++ strerror(errno));
+ /*@-type@*/
+ #ifdef GPSD_GROUP
+ {
diff --git a/gpsd.spec b/gpsd.spec
index 3bd6771..ff900ce 100644
--- a/gpsd.spec
+++ b/gpsd.spec
@@ -14,6 +14,8 @@ Source11: gpsd.sysconfig
Patch1: gpsd-nolibcap.patch
# allow multiple options in LINKFLAGS
Patch2: gpsd-linkflags.patch
+# drop also supplementary groups when dropping privileges
+Patch4: gpsd-setgroups.patch
BuildRequires: dbus-devel dbus-glib-devel ncurses-devel xmlto python-devel
BuildRequires: scons desktop-file-utils bluez-libs-devel pps-tools-devel
@@ -78,6 +80,7 @@ can run on a serial terminal or terminal emulator.
%setup -q
%patch1 -p1 -b .nolibcap
%patch2 -p1 -b .linkflags
+%patch4 -p1 -b .setgroups
%build
export CCFLAGS="%{optflags}"
More information about the scm-commits
mailing list