drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-08-10 01:02:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws,tpws: use initgroups() if --user specified

Browse Source
This commit is contained in:
bol-van
2025-06-11 20:15:43 +03:00
parent f3d48b7160
commit f09d918b40
11 changed files with 125 additions and 97 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
nfq/sec.c
View File

@@ -295,7 +295,7 @@ bool can_drop_root(void)
#endif
}
bool droproot(uid_t uid, gid_t *gid, int gid_count)
bool droproot(uid_t uid, const char *user, const gid_t *gid, int gid_count)
{
if (gid_count<1)
{
@@ -309,11 +309,23 @@ bool droproot(uid_t uid, gid_t *gid, int gid_count)
return false;
}
#endif
// drop all SGIDs
if (setgroups(gid_count,gid))
if (user)
{
DLOG_PERROR("setgroups");
return false;
// macos has strange supp gid handling. they cache only 16 groups and fail setgroups if more than 16 gids specified.
// better to leave it to the os
if (initgroups(user,gid[0]))
{
DLOG_PERROR("initgroups");
return false;
}
}
else
{
if (setgroups(gid_count,gid))
{
DLOG_PERROR("setgroups");
return false;
}
}
if (setgid(gid[0]))
{