Remove supplementary groups when dropping privileges

Suggested by xambroz.
2025-04-13 13:17:23 +03:00 · 2016-11-18 14:28:23 +01:00 · 2016-11-18 14:28:23 +01:00 · ed3d7de6cc
commit ed3d7de6cc
parent 5e1004038f
1 changed files with 4 additions and 0 deletions
--- a/src/worker.cpp
+++ b/src/worker.cpp
@ -27,6 +27,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <sys/select.h>
+#include <grp.h>

 using namespace std;

@ -203,6 +204,9 @@ void Worker::dropPrivileges()
 #else
    syslog(LOG_INFO, "dropping privileges");

+    if (setgroups(0, NULL) == -1)
+        throw Exception("setgroups", true);
+
    if (setgid(gid) == -1)
        throw Exception("setgid", true);