diff options
author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-06T20·00+0000 |
---|---|---|
committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2006-12-06T20·00+0000 |
commit | 6e5ec1029ad279c1ac69e14730afb4d2d9964b5d (patch) | |
tree | d0b031a8c4a40d6fa9c6d77b95b1acc66ea1840c /src/nix-setuid-helper/main.cc | |
parent | 751f6d2157a1b89f2463b68a90f8515deb3f942c (diff) |
* Get rid of `build-users'. We'll just take all the members of
`build-users-group'. This makes configuration easier: you can just add users in /etc/group.
Diffstat (limited to 'src/nix-setuid-helper/main.cc')
-rw-r--r-- | src/nix-setuid-helper/main.cc | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/nix-setuid-helper/main.cc b/src/nix-setuid-helper/main.cc index 50a059f50476..d278d5677360 100644 --- a/src/nix-setuid-helper/main.cc +++ b/src/nix-setuid-helper/main.cc @@ -40,14 +40,18 @@ static void runBuilder(string userName, don't want to create that directory here. */ secureChown(pw->pw_uid, gidBuilders, "."); + /* Set the real, effective and saved gid. Must be done before setuid(), otherwise it won't set the real and saved gids. */ + if (setgroups(0, 0) == -1) + throw SysError("cannot clear the set of supplementary groups"); //setgid(gidBuilders); /* Set the real, effective and saved uid. */ - setuid(pw->pw_uid); - if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) - throw Error("cannot setuid"); + if (setuid(pw->pw_uid) == -1 || + getuid() != pw->pw_uid || + geteuid() != pw->pw_uid) + throw SysError("setuid failed"); /* Execute the program. */ std::vector<const char *> args; |