authorStefan Hajnoczi <stefanha@linux.vnet.ibm.com>2011-07-18 10:55:31 +0000
committerPeter Maydell <peter.maydell@linaro.org>2011-07-18 10:55:31 +0000
commit0fe5b5a71d54d448a3a881fc5b0328d7636a573c (patch)
treea65448cb9c33716ddc019f828656497bf03e331c
parentdfa1c09c45565e6dde4b4dedc809c61a31c8332c (diff)
os-posix: set groups properly for -runas2011.07-0.rebasing
Andrew Griffiths reports that -runas does not set supplementary group IDs. This means that gid 0 (root) is not dropped when switching to an unprivileged user. Add an initgroups(3) call to use the -runas user's /etc/groups membership to update the supplementary group IDs. Signed-off-by: Stefan Hajnoczi <stefanha@linux.vnet.ibm.com> Acked-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: Blue Swirl <blauwirbel@gmail.com>
-rw-r--r--os-posix.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/os-posix.c b/os-posix.c
index 7dfb27836..6f8d4886e 100644
--- a/os-posix.c
+++ b/os-posix.c
@@ -31,6 +31,7 @@
/*needed for MAP_POPULATE before including qemu-options.h */
#include <sys/mman.h>
#include <pwd.h>
+#include <grp.h>
#include <libgen.h>
/* Needed early for CONFIG_BSD etc. */
@@ -199,6 +200,11 @@ static void change_process_uid(void)
fprintf(stderr, "Failed to setgid(%d)\n", user_pwd->pw_gid);
exit(1);
}
+ if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0) {
+ fprintf(stderr, "Failed to initgroups(\"%s\", %d)\n",
+ user_pwd->pw_name, user_pwd->pw_gid);
+ exit(1);
+ }
if (setuid(user_pwd->pw_uid) < 0) {
fprintf(stderr, "Failed to setuid(%d)\n", user_pwd->pw_uid);
exit(1);
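Review bot: The new failure path at `if (initgroups(user_pwd->pw_name, user_pwd->pw_gid) < 0)` prints the arguments but not errno, so an operator cannot tell a permission failure from a group-database or memory failure when the privilege drop aborts. Adding `strerror(errno)` to the message would fix that, assuming `<errno.h>` and `<string.h>` are already included in this file. `pw_gid` is a `gid_t` printed with `%d`, as in the neighbouring setgid message, so a cast such as `(int)user_pwd->pw_gid` would keep the format and argument types matched. The call only works because it sits between setgid() and setuid(), while the process is still privileged, so a comment like `/* must precede setuid(): changing supplementary groups needs privilege */` would guard against later reordering. The body of change_process_uid starts and ends outside this hunk.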