'[Bug 3253] New: start-stop-daemon --chuid does not set supplemental groups'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       busybox-cvs
Subject:    [Bug 3253] New: start-stop-daemon --chuid does not set supplemental groups
From:       bugzilla () busybox ! net (bugzilla at busybox ! net)
Date:       2011-02-15 16:41:40
Message-ID: bug-3253-161 () https ! bugs ! busybox ! net/
[Download RAW message or body]

https://bugs.busybox.net/show_bug.cgi?id=3253

           Summary: start-stop-daemon --chuid does not set supplemental
                    groups
           Product: Busybox
           Version: 1.13.x
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Standard Compliance
        AssignedTo: unassigned at busybox.net
        ReportedBy: apr at cn-eng.de
                CC: busybox-cvs at busybox.net
   Estimated Hours: 0.0


Created attachment 2965
  --> https://bugs.busybox.net/attachment.cgi?id=2965
In busybox start-stop-daemon applet --chuid option, also set the supplemental
groups of the specified user.

In contrast to Debian reference start-stop-daemon, the busybox variant does not
set the supplemental groups of the user when changing uid/gid.

>From start-stop-daemon(8) of dpkg 1.15.8.10:
       -c, --chuid username|uid
              Change to this username/uid before starting the process. You can
              also  specify a group by appending a :, then the group or gid in
              the same way as you would for the `chown' command  (user:group).
              If a user is specified without a group, the primary GID for that
              user is used.  When using this option you must realize that  the
              primary  and  supplemental  groups  are set as well, even if the
              --group option is not specified. The --group option is only  for
              groups that the user isn't normally a member of (like adding per
              process group membership for generic users like nobody).

While observed on an old busybox 1.13.4, based on the code of 1.18.3 this still
seems to be the case.

Please find attached an experimental patch for old 1.13.4 adding the missing
initgroups() call. Please be aware that this patch only solves the immediate
issue and is by no means checked for side effects and/or correctness. Also it's
probably not the most elegant approach.
=> Use only as proof of concept.

-- 
Configure bugmail: https://bugs.busybox.net/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic