Skip to content

Commit 911cb11

Browse files
Markos Chandraspavlix
Markos Chandras
authored andcommitted
tftpd: Drop supplementary groups for root
Before dropping our root privileges, we need to make sure that root does not belong to any other group. That's because setgid() will change the gid but it will leave the supplementary groups unchanged so we may still be able to do privilege operations. Use setgroups() before set{u,g}id to ensure that root does not have any unexpected priviledges. Link: https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges Signed-off-by: Markos Chandras <[email protected]>
1 parent d141cb6 commit 911cb11

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

tftpd.c

+3
Original file line numberDiff line numberDiff line change
@@ -54,6 +54,7 @@
5454
#include <ctype.h>
5555
#include <string.h>
5656
#include <stdlib.h>
57+
#include <grp.h>
5758

5859
#include "tftp.h"
5960

@@ -101,6 +102,8 @@ int main(int ac, char **av)
101102

102103
/* Sanity. If parent forgot to setuid() on us. */
103104
if (geteuid() == 0) {
105+
/* Drop all supplementary groups. No error checking is needed */
106+
setgroups(0, NULL);
104107
if (setgid(65534) || setuid(65534)) {
105108
syslog(LOG_ERR, "set*id failed: %m\n");
106109
exit(1);

0 commit comments

Comments
 (0)