This is an automated email from the ASF dual-hosted git repository.

vgutierrez pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/trafficserver.git


The following commit(s) were added to refs/heads/master by this push:
     new d4dda9b558 Invoke initgroups() iff we got enough privileges (#11869) (#11872)
d4dda9b558 is described below

commit d4dda9b5583d19e2eee268fec59aa487d61fc079
Author: Valentín Gutiérrez <[email protected]>
AuthorDate: Thu Nov 21 03:54:03 2024 +0100

    Invoke initgroups() iff we got enough privileges (#11869) (#11872)
    
    Follow up of #11855, that rendered unusable ATS as root when spawned via traffic_manager.
---
 src/tscore/ink_cap.cc | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/tscore/ink_cap.cc b/src/tscore/ink_cap.cc
index 0f0d6f869e..f464daad3b 100644
--- a/src/tscore/ink_cap.cc
+++ b/src/tscore/ink_cap.cc
@@ -156,8 +156,10 @@ impersonate(const struct passwd *pwd, ImpersonationLevel 
level)
 #endif
 
   // Always repopulate the supplementary group list for the new user.
-  if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
-    Fatal("switching to user %s, failed to initialize supplementary groups ID 
%ld", pwd->pw_name, (long)pwd->pw_gid);
+  if (geteuid() == 0) { // check that we have enough rights to call 
initgroups()
+    if (initgroups(pwd->pw_name, pwd->pw_gid) != 0) {
+      Fatal("switching to user %s, failed to initialize supplementary groups 
ID %ld", pwd->pw_name, (long)pwd->pw_gid);
+    }
   }
 
   switch (level) {
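
Review bot: The comment directly above the new `if (geteuid() == 0)` guard still reads "Always repopulate the supplementary group list for the new user", which is no longer accurate: when the effective UID is not 0 the call is skipped silently and the process keeps whatever supplementary groups it inherited. Update the comment to state the condition, and consider an else branch that logs the skip so an operator can tell the group list was left as inherited. Note also that `geteuid() == 0` is a proxy for the privilege actually required: on Linux, `setgroups()` (which `initgroups()` relies on) is gated by CAP_SETGID, so a non-root process holding that capability would skip the call too. If that case matters for `impersonate()`, document it in the comment or test for the capability instead of the UID.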
