[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    kdelibs/kdecore
From:       Waldo Bastian <bastian () kde ! org>
Date:       2003-01-29 13:27:29
[Download RAW message or body]

CVS commit by waba: 

Reverting previous commit. 
* initgroups() is necassery to reset any additional groups that might have 
been set. (See also kdm/backend/client.c)
* KProcess can be used without KApplication (see kfmclient)
* Since KApplication checks & aborts on set[ug]id there is no strong need
for the setuid calls any longer but they can't be removed since it would
create security holes in applications that rely on this behavior.
Please post a patch for review first next time.


  M +16 -4     kprocess.cpp   1.104


--- kdelibs/kdecore/kprocess.cpp  #1.103:1.104
@@ -460,4 +460,12 @@ bool KProcess::start(RunMode runmode, Co
   }
 
+  // We do this in the parent because if we do it in the child process
+  // gdb gets confused when the application runs from gdb.
+  uid_t uid = getuid();
+  gid_t gid = getgid();
+#ifdef HAVE_INITGROUPS
+  struct passwd *pw = getpwuid(uid);
+#endif
+
   int fd[2];
   if (pipe(fd) < 0)
@@ -495,6 +503,10 @@ bool KProcess::start(RunMode runmode, Co
         if (!runPrivileged())
         {
-           setgid(getgid());
-           setuid(getuid());
+           setgid(gid);
+#if defined( HAVE_INITGROUPS)
+           if(pw)
+              initgroups(pw->pw_name, pw->pw_gid);
+#endif
+           setuid(uid);
         }
 


[prev in list] [next in list] [prev in thread] [next in thread]