From b5841bbaecc7659490400eb8d105473c4b646caf Mon Sep 17 00:00:00 2001 From: Guillem Jover Date: Tue, 22 Jan 2008 12:57:43 +0200 Subject: [PATCH] s-s-d: Change uid after changing gid and initalizing supplementary groups Closes: #462018 --- ChangeLog | 5 +++++ debian/changelog | 7 +++++++ utils/start-stop-daemon.c | 8 ++++---- 3 files changed, 16 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 1cb5c8a1..f315fa15 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2008-01-22 Guillem Jover + + * utils/start-stop-daemon.c (main): Move setuid code after initgroups + and setgid. + 2008-01-21 Frank Lichtenheld * configure.ac: Release 1.14.16.1 diff --git a/debian/changelog b/debian/changelog index f4145a7e..625527a5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +dpkg (1.14.16.2) UNRELEASED; urgency=low + + * Change uid after changing gid and initializing supplementary groups in + start-stop-daemon. Closes: #462018 + + -- Guillem Jover Tue, 22 Jan 2008 12:52:11 +0200 + dpkg (1.14.16.1) unstable; urgency=low * Add libtimedate-perl to dpkg-dev's Depends and to Build-Depends. diff --git a/utils/start-stop-daemon.c b/utils/start-stop-daemon.c index ed21c3c2..2a31f730 100644 --- a/utils/start-stop-daemon.c +++ b/utils/start-stop-daemon.c @@ -1413,10 +1413,6 @@ main(int argc, char **argv) if (chdir(changedir) < 0) fatal("Unable to chdir() to %s", changedir); - if (changeuser != NULL && getuid() != (uid_t)runas_uid) { - if (setuid(runas_uid)) - fatal("Unable to set uid to %s", changeuser); - } if (changegroup != NULL && *changegroup != '\0' && getgid() != (gid_t)runas_gid) { if (!gid_in_current_groups(runas_gid)) @@ -1426,6 +1422,10 @@ main(int argc, char **argv) if (setgid(runas_gid)) fatal("Unable to set gid to %d", runas_gid); } + if (changeuser != NULL && getuid() != (uid_t)runas_uid) { + if (setuid(runas_uid)) + fatal("Unable to set uid to %s", changeuser); + } if (background) { /* Continue background setup */ -- 2.39.5