- (djm) Try to drop supplemental groups at daemon startup. Patch from

RedHat
author: Damien Miller <djm@mindrot.org> 2002-05-10 12:20:24 +1000
committer: Damien Miller <djm@mindrot.org> 2002-05-10 12:20:24 +1000
commit: 87aea25f1ac7caf3a788f17c62164c0103ec3d35 (patch)
tree: 6bfcb117b35f08e33eeebf4c586ed490d3633afe /sshd.c
parent: cfe4a89eef91939ef865d6d25ecdc39fb87e8b5f (diff)
download: openssh-git-87aea25f1ac7caf3a788f17c62164c0103ec3d35.tar.gz
1 files changed, 10 insertions, 0 deletions
diff --git a/sshd.c b/sshd.c
index f3e4d835..589a1160 100644
--- a/sshd.c
+++ b/sshd.c
@@ -1005,6 +1005,16 @@ main(int ac, char **av)
 	if (test_flag)
 		exit(0);
 
+	/*
+	 * Clear out any supplemental groups we may have inherited.  This
+	 * prevents inadvertent creation of files with bad modes (in the
+	 * portable version at least, it's certainly possible for PAM 
+	 * to create a file, and we can't control the code in every 
+	 * module which might be used).
+	 */
+	if (setgroups(0, NULL) < 0)
+		debug("setgroups() failed: %.200s", strerror(errno));
+
 	/* Initialize the log (it is reinitialized below in case we forked). */
 	if (debug_flag && !inetd_flag)
 		log_stderr = 1;
author	Damien Miller <djm@mindrot.org>	2002-05-10 12:20:24 +1000
committer	Damien Miller <djm@mindrot.org>	2002-05-10 12:20:24 +1000
commit	87aea25f1ac7caf3a788f17c62164c0103ec3d35 (patch)
tree	6bfcb117b35f08e33eeebf4c586ed490d3633afe /sshd.c
parent	cfe4a89eef91939ef865d6d25ecdc39fb87e8b5f (diff)
download	openssh-git-87aea25f1ac7caf3a788f17c62164c0103ec3d35.tar.gz