maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

* Urgh. Do setgid() before setuid(), because the semantics of setgid()

Browse source 
changes completely depending on whether you're root...
This commit is contained in:
Eelco Dolstra 2006-12-05 18:28:15 +00:00
parent 6f0d050324
commit 44cad9630f
1 changed files with 4 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

8
src/libstore/build.cc
View file

@ -1364,13 +1364,13 @@ void DerivationGoal::startBuilder()
if (setgroups(0, 0) == -1) if (setgroups(0, 0) == -1)
throw SysError("cannot clear the set of supplementary groups"); throw SysError("cannot clear the set of supplementary groups");
setuid(buildUser.getUID());
assert(getuid() == buildUser.getUID());
assert(geteuid() == buildUser.getUID());
setgid(gidBuildGroup); setgid(gidBuildGroup);
assert(getgid() == gidBuildGroup); assert(getgid() == gidBuildGroup);
assert(getegid() == gidBuildGroup); assert(getegid() == gidBuildGroup);
setuid(buildUser.getUID());
assert(getuid() == buildUser.getUID());
assert(geteuid() == buildUser.getUID());
} }
/* Execute the program. This should not return. */ /* Execute the program. This should not return. */