Agreed, thanks for your solution! Will this solution be part of the upstream code in the near future?
Thanks. Ondrej On Mon, Feb 8, 2021 at 5:06 PM Sergey Poznyakoff <g...@gnu.org.ua> wrote:
> FWIW, I'd rather propose something like that:
>
> diff --git a/lib/system.h b/lib/system.h
> index e7f531c..dffab86 100644
> --- a/lib/system.h
> +++ b/lib/system.h
> @@ -470,19 +470,37 @@ char *getenv ();
> #if MSDOS
> # include <process.h>
> # define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
> # define ERRNO_IS_EACCES errno == EACCES
> # define mkdir(file, mode) (mkdir) (file)
> # define TTY_NAME "con"
> # define sys_reset_uid_gid()
> #else
> # define SET_BINARY_MODE(arc)
> # define ERRNO_IS_EACCES 0
> # define TTY_NAME "/dev/tty"
> -# define sys_reset_uid_gid() \
> - do { \
> - if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
> - abort (); \
> - } while (0)
> +# include <paxlib.h>
> +static inline void
> +sys_reset_uid_gid (void)
> +{
> + struct passwd *pw;
> + uid_t uid = getuid ();
> + gid_t gid = getgid ();
> +
> + if ((pw = getpwuid (uid)) == NULL)
> + {
> + FATAL_ERROR ((0, errno, "%s(%ld)", "getpwuid", (unsigned long)uid));
> + }
> + if (initgroups (pw->pw_name, getgid ()))
> + {
> + FATAL_ERROR ((0, errno, "%s", "initgroups"));
> + }
> + if (gid != getegid () && setgid (gid) && errno != EPERM)
> + {
> + FATAL_ERROR ((0, errno, "%s", "setgid"));
> + }
> + if (uid != geteuid () && setuid (uid) && errno != EPERM)
> + {
> + FATAL_ERROR ((0, errno, "%s", "setuid"));
> + }
> +}
> #endif
>
> #if XENIX
>
>
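Review bot: In the new `sys_reset_uid_gid`, a `setgid` or `setuid` call that fails with `EPERM` is treated as success, so the function can return with the effective IDs still different from the real ones, and nothing afterwards confirms that the privilege drop took effect. I would add a final check after the `setuid` block, for example `if (geteuid () != uid || getegid () != gid) FATAL_ERROR ((0, 0, "%s", "failed to drop privileges"));`. The `initgroups` call follows the opposite policy: it has no `EPERM` exemption, and since changing the supplementary group list normally requires privilege, an ordinary non-setuid run would presumably take the fatal path there; that is worth confirming and the two policies should be made consistent. Smaller points: `errno` is not cleared before `getpwuid`, so a missing passwd entry may report a stale error, and `%ld` is paired with an `(unsigned long)` argument where `%lu` is expected.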