sync/ports
1
0
Fork 0
mirror of https://git.freebsd.org/ports.git synced 2025-07-18 09:49:18 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add vendor patch to correctly drop group privileges when changing uid.

Browse source
This commit is contained in:
David E. O'Brien 2002-02-21 18:40:21 +00:00
parent 74a020840a
commit c8bdef2e13
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/head/; revision=55050
2 changed files with 28 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/rsync/Makefile
View file

@ -8,7 +8,7 @@
PORTNAME= rsync PORTNAME= rsync
PORTVERSION= 2.5.2 PORTVERSION= 2.5.2
PORTREVISION= 0 PORTREVISION= 1
CATEGORIES= net ipv6 CATEGORIES= net ipv6
MASTER_SITES= ftp://samba.anu.edu.au/pub/rsync/ \ MASTER_SITES= ftp://samba.anu.edu.au/pub/rsync/ \
ftp://sunsite.auc.dk/pub/unix/rsync/ \ ftp://sunsite.auc.dk/pub/unix/rsync/ \

27
net/rsync/files/patch-clientserver.c Normal file
View file

@ -0,0 +1,27 @@
--- clientserver.c 7 Feb 2002 16:36:12 -0000 1.82
+++ clientserver.c 21 Feb 2002 00:45:48 -0000 1.86
@@ -282,6 +285,24 @@
}
if (am_root) {
+ /* Get rid of any supplementary groups this process
+ * might have inheristed. */
+ if (setgroups(0, NULL)) {
+ rsyserr(FERROR, errno, "setgroups failed");
+ io_printf(fd, "@ERROR: setgroups failed\n");
+ return -1;
+ }
+
+ /* XXXX: You could argue that if the daemon is started
+ * by a non-root user and they explicitly specify a
+ * gid, then we should try to change to that gid --
+ * this could be possible if it's already in their
+ * supplementary groups. */
+
+ /* TODO: Perhaps we need to document that if rsyncd is
+ * started by somebody other than root it will inherit
+ * all their supplementary groups. */
+
if (setgid(gid)) {
rsyserr(FERROR, errno, "setgid %d failed", (int) gid);
io_printf(fd,"@ERROR: setgid failed\n");