Open Fale opened 8 years ago
I don't get it, setgid is called before setuid as it should?
AFAIK if you have two conditions in the same if there is no guarantee they will be executed in the order they are written into. A patch of an identical situation for example can be found on https://build.opensuse.org/package/view_file/server:monitoring/ntop/POS36-C.patch?expand=1
That should not be true at all, short-circuiting and evaluation order should be required by both C and C++. Are you sure they did not just want to handle the error cases separately?
I believe the issue is that you are not calling setgroups() to relinquish any supplementary groups before calling setuid().
Can those "supplementary groups" be set unwillingly?
Not sure what you mean by unwillingly, but a process will have all of the supplemental groups that a user belongs to by default.
Oh, I see. That makes sense and setgroups(0, NULL);
should drop them I guess?
In https://github.com/Cloudef/wlc/blob/master/src/session/fd.c#L568 there is a call to setgroups before setuids. There is a high probability this means it didn't relinquish all groups, and this would be a potential security issue to be fixed. See https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges