Merge pull request #2798 from grahamc/diff-hook

build: run diff-hook under --check and document diff-hook
author: Eelco Dolstra <edolstra@gmail.com> 2019-05-12T21·18+0200
committer: GitHub <noreply@github.com> 2019-05-12T21·18+0200
commit: d5c95e2b146eb8b87ecef49142f6d475fff5efb1 (patch)
tree: 04ca4041709d36e9805bb561489eed9d91fcbe85 /src/libutil/util.cc
parent: 7c6391ddc730519a632cc0ee526c94a04812d871 (diff)
parent: f1b8e9efe77014655f059b44afa05c38990dc4aa (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/src/libutil/util.cc b/src/libutil/util.cc
index a7170566533e..17aee2d5c3d0 100644
--- a/src/libutil/util.cc
+++ b/src/libutil/util.cc
@@ -16,6 +16,7 @@
 #include <future>
 
 #include <fcntl.h>
+#include <grp.h>
 #include <limits.h>
 #include <pwd.h>
 #include <sys/ioctl.h>
@@ -1025,6 +1026,16 @@ void runProgram2(const RunOptions & options)
         if (source && dup2(in.readSide.get(), STDIN_FILENO) == -1)
             throw SysError("dupping stdin");
 
+        if (options.chdir && chdir((*options.chdir).c_str()) == -1)
+            throw SysError("chdir failed");
+        if (options.gid && setgid(*options.gid) == -1)
+            throw SysError("setgid failed");
+        /* Drop all other groups if we're setgid. */
+        if (options.gid && setgroups(0, 0) == -1)
+            throw SysError("setgroups failed");
+        if (options.uid && setuid(*options.uid) == -1)
+            throw SysError("setuid failed");
+
         Strings args_(options.args);
         args_.push_front(options.program);
author	Eelco Dolstra <edolstra@gmail.com>	2019-05-12T21·18+0200
committer	GitHub <noreply@github.com>	2019-05-12T21·18+0200
commit	d5c95e2b146eb8b87ecef49142f6d475fff5efb1 (patch)
tree	04ca4041709d36e9805bb561489eed9d91fcbe85 /src/libutil/util.cc
parent	7c6391ddc730519a632cc0ee526c94a04812d871 (diff)
parent	f1b8e9efe77014655f059b44afa05c38990dc4aa (diff)