--- kismet-2007-01-R1b/kismet_server.cc.setgroups 2007-01-06 09:08:59.000000000 +0100
+++ kismet-2007-01-R1b/kismet_server.cc 2007-02-03 23:33:12.000000000 +0100
@@ -28,6 +28,7 @@
#include <stdlib.h>
#include <signal.h>
#include <pwd.h>
+#include <grp.h>
#include <string>
#include <vector>
@@ -2506,6 +2507,11 @@
exit(1);
}
+ if (setgroups(0,0) < 0) {
+ fprintf(stderr, "FATAL: setgroups() failed: %m.\n");
+ exit(1);
+ }
+
if (setuid(suid_id) < 0) {
fprintf(stderr, "FATAL: setuid() to %s (%d) failed.\n", suid_user, suid_id);
exit(1);
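Review bot: The `%m` conversion in the added setgroups() failure message is a glibc extension, so on other C libraries the errno text may not be printed. A portable form is `fprintf(stderr, "FATAL: setgroups() failed: %s\n", strerror(errno));`, assuming `<string.h>` and `<errno.h>` are included, which the visible include hunk does not show. The same applies to both added messages in the kismet_drone.cc privilege-drop hunk. A short comment above the call would also help, e.g. `// Clear supplementary groups while still privileged; setuid() does not reset them`, because the ordering before setuid() is the security-relevant part. The enclosing function starts and ends outside the hunk.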
--- kismet-2007-01-R1b/kismet_drone.cc.setgroups 2006-04-13 00:42:59.000000000 +0200
+++ kismet-2007-01-R1b/kismet_drone.cc 2007-02-03 23:35:45.000000000 +0100
@@ -26,6 +26,7 @@
#include <stdlib.h>
#include <signal.h>
#include <pwd.h>
+#include <grp.h>
#include <string>
#include <vector>
@@ -298,6 +299,7 @@
struct passwd *pwordent;
const char *suid_user;
uid_t suid_id, real_uid;
+ gid_t suid_gid;
real_uid = getuid();
@@ -308,7 +310,8 @@
fprintf(stderr, " Make sure you have a valid user set for 'suiduser' in your config.\n");
exit(1);
} else {
- suid_id = pwordent->pw_uid;
+ suid_id = pwordent->pw_uid;
+ suid_gid = pwordent->pw_gid;
if (suid_id == 0) {
// If we're suiding to root...
@@ -516,6 +519,16 @@
// logfiles as root if we can avoid it. Once we've dropped, we'll investigate our
// sources again and open any defered
#ifdef HAVE_SUID
+ if (setgid(suid_gid) < 0) {
+ fprintf(stderr, "FATAL: setgid() to %d failed: %m\n", suid_gid);
+ exit(1);
+ }
+
+ if (setgroups(0,0) < 0) {
+ fprintf(stderr, "FATAL: setgroups() failed: %m\n");
+ exit(1);
+ }
+
if (setuid(suid_id) < 0) {
fprintf(stderr, "FATAL: setuid() to %s (%d) failed.\n", suid_user, suid_id);
exit(1);
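Review bot: `suid_gid` is a `gid_t` but the added setgid() message prints it with `%d`; gid_t is unsigned on common platforms, so cast explicitly, e.g. `fprintf(stderr, "FATAL: setgid() to %lu failed: %s\n", (unsigned long) suid_gid, strerror(errno));`. Note that `setgroups(0,0)` leaves the process with no supplementary groups at all. If the configured suiduser is expected to reach capture devices or log directories through group membership, `initgroups(suid_user, suid_gid)` would install that user's own group list instead; this is worth deciding and documenting in a comment. As hardening, the sequence could confirm after setuid() that `getuid()` and `geteuid()` both equal `suid_id` and exit otherwise. The enclosing function starts and ends outside the hunk.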