rpms / dionaea

Clone
Source Code
GIT

Files

epel7 epel8 epel8-playground epel9 f26 f27 f28 f29 f30 f31 f32 f33 f34 f35 f36 f37 f38 f39 f40 main rawhide
  1.   f40
  2.   dionaea-09_setgroups_before_setresuid.patch
Blob Blame History Raw 
diff --git a/src/dionaea.c b/src/dionaea.c
index e52673d..d6c1e86 100644
--- a/src/dionaea.c
+++ b/src/dionaea.c
@@ -774,10 +774,19 @@ opt->stdOUT.filter);
 		g_error("Could not change group");
 	}
 
-	if( opt->user.name != NULL && 
-		setresuid(opt->user.id, opt->user.id, opt->user.id) < 0 )
-	{
-		g_error("Could not change user");
+	if( opt->user.name != NULL )
+        {
+		/* try to drop any (superuser) groups before dropping root privileges */
+		if ( setgroups(0, NULL) < 0 )
+		{
+			g_warning("Setgroups dropping groups failed");
+		}
+
+		/* drop from root privileges to normal user */
+		if( setresuid(opt->user.id, opt->user.id, opt->user.id) < 0 )
+		{
+			g_error("Could not change user");
+		}
 	}
 
 	options_free(opt);
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.