Call setgroups() before setgid() to drop supplementary groups.

See also: https://www.securecoding.cert.org/confluence/display/seccode/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
2023-08-10 21:13:08 +03:00 · 2015-01-01 22:22:41 +11:00 · 2015-01-01 22:22:41 +11:00 · 49ad7a0421
commit 49ad7a0421
parent 03a22661a0
1 changed files with 5 additions and 0 deletions
--- a/darkhttpd.c
+++ b/darkhttpd.c
@ -53,6 +53,7 @@ static const int debug = 1;
 #include <errno.h>
 #include <fcntl.h>
 #include <grp.h>
+#include <limits.h>
 #include <pwd.h>
 #include <signal.h>
 #include <stdarg.h>
@ -2538,6 +2539,10 @@ int main(int argc, char **argv) {
        wwwroot[0] = '\0'; /* empty string */
    }
    if (drop_gid != INVALID_GID) {
+        gid_t list[1];
+        list[0] = drop_gid;
+        if (setgroups(1, list) == -1)
+            err(1, "setgroups([%d])", (int)drop_gid);
        if (setgid(drop_gid) == -1)
            err(1, "setgid(%d)", (int)drop_gid);
        printf("set gid to %d\n", (int)drop_gid);