From d7f7f6619814edbaf2f7af2fc6abe3c80e7d776b Mon Sep 17 00:00:00 2001
From: Pavel Grigorenko
Date: Wed, 13 Mar 2024 18:37:53 +0300
Subject: [PATCH] Revert "Do not ignore EPERM when dropping supplementary groups"

This reverts commit b4a4ab41a53bc22988b4dfc6d0339ef41f03ea39.

As per https://github.com/rust-lang/rust/pull/121650#issuecomment-1992261791
---
 .../std/src/sys/pal/unix/process/process_unix.rs | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/library/std/src/sys/pal/unix/process/process_unix.rs b/library/std/src/sys/pal/unix/process/process_unix.rs
index 4cf678b97c59e..f017d39d804aa 100644
--- a/library/std/src/sys/pal/unix/process/process_unix.rs
+++ b/library/std/src/sys/pal/unix/process/process_unix.rs
@@ -330,14 +330,22 @@ impl Command {
 if let Some(u) = self.get_uid() {
 // When dropping privileges from root, the `setgroups` call
 // will remove any extraneous groups. We only drop groups
- // if we weren't given an explicit set of groups.
- // If we don't call this, then even though our
+ // if we have CAP_SETGID and we weren't given an explicit
+ // set of groups. If we don't call this, then even though our
 // uid has dropped, we may still have groups that enable us to
 // do super-user things.
 //FIXME: Redox kernel does not support setgroups yet
 #[cfg(not(target_os = "redox"))]
 if self.get_groups().is_none() {
- cvt(libc::setgroups(0, crate::ptr::null()))?;
+ let res = cvt(libc::setgroups(0, crate::ptr::null()));
+ if let Err(e) = res {
+ // Here we ignore the case of not having CAP_SETGID.
+ // An alternative would be to require CAP_SETGID (in
+ // addition to CAP_SETUID) for setting the UID.
+ if e.raw_os_error() != Some(libc::EPERM) {
+ return Err(e.into());
+ }
+ }
 }
 cvt(libc::setuid(u as uid_t))?;
 }
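Review bot: The EPERM branch restored after `cvt(libc::setgroups(0, crate::ptr::null()))` lets `setuid` go ahead while the child still holds the parent's supplementary groups, and the restored comment never states that consequence. On Linux, EPERM is also returned when `setgroups` is denied inside a user namespace, so "not having CAP_SETGID" names only one of the cases being swallowed. I would extend the comment with `// NOTE: on EPERM the child keeps the inherited supplementary groups after the uid change,` and `// so setting a uid alone is not a guaranteed drop of group-based access.` The same caveat probably belongs in the public docs of the uid setter, which are outside this patch. The enclosing function starts and ends outside the hunk, so how the explicit-groups path handles the same error cannot be checked from here.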