This commit is contained in:
Artyom Pavlov 2019-08-19 19:58:35 +00:00 committed by GitHub
parent 5d75654cce
commit 1417f53863
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -183,18 +183,16 @@ impl Command {
cvt(libc::setgid(u as gid_t))?;
}
if let Some(u) = self.get_uid() {
// When dropping privileges from root, the `setgroups` call
// will remove any extraneous groups. If we don't call this,
// then even though our uid has dropped, we may still have
// groups that enable us to do super-user things. This will
// fail if we aren't root, so don't bother checking the
// return value, this is just done as an optimistic
// privilege dropping function.
//FIXME: Redox kernel does not support setgroups yet
if cfg!(not(target_os = "redox")) {
// When dropping privileges from root, the `setgroups` call
// will remove any extraneous groups. If we don't call this,
// then even though our uid has dropped, we may still have
// groups that enable us to do super-user things. This will
// fail if we aren't root, so don't bother checking the
// return value, this is just done as an optimistic
// privilege dropping function.
let _ = libc::setgroups(0, ptr::null());
}
#[cfg(not(target_os = "redox"))]
let _ = libc::setgroups(0, ptr::null());
cvt(libc::setuid(u as uid_t))?;
}
}