lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-10-26 00:57:39 +03:00
Code Activity

hurd: support: Fix running SGID tests

Browse Source 
Secure mode is enabled only if SGID actually provides a new privilege,
so we have to drop it before gaining it again.

Fixes commit 3a3fb2ed83
("Fix error reporting (false negatives) in SGID tests")
This commit is contained in:
Samuel Thibault
2025-07-18 23:14:40 +02:00
parent e1f03adef9
commit ad4589e2d8
1 changed files with 21 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
support/support_capture_subprocess.c
View File

@@ -133,6 +133,27 @@ copy_and_spawn_sgid (const char *child_id, gid_t gid)
if (chmod (execname, 02750) != 0) if (chmod (execname, 02750) != 0)
FAIL_UNSUPPORTED ("cannot make \"%s\" SGID: %m ", execname); FAIL_UNSUPPORTED ("cannot make \"%s\" SGID: %m ", execname);
/* Now we can drop the privilege of that group. */
const int count = 64;
gid_t groups[count];
int ngroups = getgroups(count, groups);
if (ngroups < 0)
FAIL_UNSUPPORTED ("Could not get group list again for user %jd\n",
(intmax_t) getuid ());
int n = 0;
for (int i = 0; i < ngroups; i++)
{
if (groups[i] != gid)
{
if (n != i)
groups[n] = groups[i];
n++;
}
}
setgroups (n, groups);
/* We have the binary, now spawn the subprocess. Avoid using /* We have the binary, now spawn the subprocess. Avoid using
support_subprogram because we only want the program exit status, not the support_subprogram because we only want the program exit status, not the
contents. */ contents. */