From f823b72dcef4570334d6999d9783402556589a5f Mon Sep 17 00:00:00 2001
From: Davin McCall
Date: Tue, 23 Jun 2020 21:36:40 +1000
Subject: [PATCH] Set group id before user id in child process

Should fix issue where the group id wasn't getting set at all.
---
 src/run-child-proc.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/run-child-proc.cc b/src/run-child-proc.cc
index ba54ab2..757ddd7 100644
--- a/src/run-child-proc.cc
+++ b/src/run-child-proc.cc
@@ -258,8 +258,9 @@ void base_process_service::run_child_proc(run_proc_params params) noexcept
 if (uid != uid_t(-1)) {
 err.stage = exec_stage::SET_UIDGID;
- if (setreuid(uid, uid) != 0) goto failure_out;
+ // We must set group first (i.e. before we drop privileges)
 if (setregid(gid, gid) != 0) goto failure_out;
+ if (setreuid(uid, uid) != 0) goto failure_out;
 }
 sigprocmask(SIG_SETMASK, &sigwait_set, nullptr);
-- 
2.25.1
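Review bot: The privilege drop in the `if (uid != uid_t(-1))` block changes the real and effective gid and uid but, in the lines visible here, never resets the supplementary group list, so a child started by a root-owned service manager would keep the parent's supplementary groups after `setreuid`. If that is not already handled earlier in `run_child_proc` (the function starts and ends outside this hunk), add a call ahead of `setregid`, for example `if (setgroups(0, nullptr) != 0) goto failure_out;`, or an `initgroups()` call for the target user. The group change is also still gated on `uid` alone, so a service configured with a group but no user would apparently keep the parent's gid; it is worth confirming that this is intended.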