You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Set groups when dropping privileges to not leak supplementary group access
Changing the real and effective user/group IDs and the saved
set-user/group-ID is not enough to get rid of intial access permissions.
The list of groups must be cleared also, otherwise a process changing
from, e.g. `root:root` to `nobody:nobody` retains rights to access `:wheel`
files (assuming `root` is a member of the `wheel` group).
For example:
```
# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)
# ./yggdrasil -autoconf -logto /dev/null -user nobody &
[1] 4337
# ps -o command,user,group,supgrp -U nobody
COMMAND USER GROUP SUPGRP
./yggdrasil -aut nobody nobody wheel,kmem,sys,tty,operator,staff,guest
```
Fix that so the process runs as mere
```
COMMAND USER GROUP SUPGRP
./yggdrasil -aut nobody nobody nobody
```
Fixes#927.
# Please enter the commit message for your changes. Lines starting
# with '#' will be kept; you may remove them yourself if you want to.
# An empty message aborts the commit.
#
# Дата: Mon Nov 4 03:39:23 2024 +0300
#
# Текущая ветка: drop-supplementary-groups
# Изменения, которые будут включены в коммит:
# изменено: cmd/yggdrasil/chuser_unix.go
#
0 commit comments