Mercurial > dovecot > original-hg > dovecot-1.2
changeset 6991:d7a48bf83a0e HEAD
Don't use empty setgroups() list to drop groups. It doesn't work at least
with OSX.
author | Timo Sirainen <tss@iki.fi> |
---|---|
date | Mon, 10 Dec 2007 15:58:27 +0200 |
parents | e43c4db35e94 |
children | 249e6c711e8d |
files | src/lib/restrict-access.c |
diffstat | 1 files changed, 8 insertions(+), 4 deletions(-) [+] |
line wrap: on
line diff
--- a/src/lib/restrict-access.c Mon Dec 10 13:21:30 2007 +0200 +++ b/src/lib/restrict-access.c Mon Dec 10 15:58:27 2007 +0200 @@ -93,7 +93,7 @@ return group->gr_gid; } -static void fix_groups_list(const char *extra_groups, +static void fix_groups_list(const char *extra_groups, gid_t egid, bool preserve_existing, bool *have_root_group) { gid_t *gid_list; @@ -112,8 +112,11 @@ return; } } else { - gid_list = t_new(gid_t, 1); - gid_count = 0; + /* Some OSes don't like an empty groups list, + so use the effective GID as the only one. */ + gid_list = t_new(gid_t, 2); + gid_list[0] = egid; + gid_count = 1; } /* add extra groups to gids list */ @@ -169,7 +172,8 @@ env = getenv("RESTRICT_SETEXTRAGROUPS"); if (is_root) { T_FRAME( - fix_groups_list(env, preserve_groups, &have_root_group); + fix_groups_list(env, gid, preserve_groups, + &have_root_group); ); }