Hi, this bit me recently.
I'm attaching a debdiff with the patch from Huaqing, which I tested and verified to work as expected. I also updated the manpage. Could you upload this, please? If you don't have time, I can do an NMU (if you think the attached debdiff is OK). Thanks!
diff -u daemontools-0.76/debian/changelog daemontools-0.76/debian/changelog --- daemontools-0.76/debian/changelog +++ daemontools-0.76/debian/changelog @@ -1,3 +1,11 @@ +daemontools (1:0.76-3.1) UNRELEASED; urgency=medium + + * Non-maintainer upload. + * Apply patch for setuidgid to initialize the supplementary groups and + update manpage (Closes: #534508) + + -- Carlos Alberto Lopez Perez <clo...@igalia.com> Thu, 29 May 2014 11:59:03 +0200 + daemontools (1:0.76-3) unstable; urgency=low * debian/daemontools-run.postinst: don't exec into the kill program, so diff -u daemontools-0.76/debian/daemontools-man/setuidgid.8 daemontools-0.76/debian/daemontools-man/setuidgid.8 --- daemontools-0.76/debian/daemontools-man/setuidgid.8 +++ daemontools-0.76/debian/daemontools-man/setuidgid.8 @@ -14,7 +14,7 @@ .B setuidgid sets its uid and gid to .IR account 's -uid and gid, removing all supplementary groups. It then runs +uid and gid (including all supplementary groups of the user). It then runs .IR child . .B setuidgid @@ -23,7 +23,7 @@ .B setuidgid exits 111 if it cannot find a UNIX account named .IB account , -if it cannot setgid, if it cannot setuid, or if it cannot run +if it cannot setgid, if it cannot setuid, if it cannot initialize the supplementary groups of the user, or if it cannot run .IR child . Otherwise its exit code is the same as that of .IR child . only in patch2: unchanged: --- daemontools-0.76.orig/debian/diff/0003-setuidgid-should-initialize-the-supplementary-groups.diff +++ daemontools-0.76/debian/diff/0003-setuidgid-should-initialize-the-supplementary-groups.diff 
@@ -0,0 +1,27 @@ +From: Huaqing Zheng <morph...@stanford.edu> +Date: Wed, 24 Jun 2009 16:19:16 -0700 +Subject: [PATCH] setuidgid should initialize the supplementary groups + +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534508 +--- + daemontools-0.76/src/setuidgid.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/daemontools-0.76/src/setuidgid.c b/daemontools-0.76/src/setuidgid.c +index 8c683de..b75d799 100644 +--- a/daemontools-0.76/src/setuidgid.c ++++ b/daemontools-0.76/src/setuidgid.c +@@ -21,6 +21,10 @@ int main(int argc,const char *const *argv,const char *const *envp) + + if (prot_gid(pw->pw_gid) == -1) + strerr_die2sys(111,FATAL,"unable to setgid: "); ++ ++ if (initgroups(pw->pw_name, pw->pw_gid)) ++ strerr_die2sys(111,FATAL,"unable to initgroup: "); ++ + if (prot_uid(pw->pw_uid) == -1) + strerr_die2sys(111,FATAL,"unable to setuid: "); + +-- +2.0.0.rc2 +
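Review bot: The debian/changelog entry says only "initialize the supplementary groups", which understates that this reverses the behaviour the manpage documented until now ("removing all supplementary groups"). Anything started through setuidgid will now also hold the account's supplementary groups, so the entry should say so explicitly, so that admins who relied on the groups being dropped see the change on upgrade.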
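Review bot: In the first setuidgid.8 hunk, "uid and gid (including all supplementary groups of the user)" reads as if the supplementary groups were part of the uid and gid. Suggest something like "uid and gid, and initializes the supplementary groups of account", using the .IR account markup the surrounding lines already use instead of "the user". The same "of the user" wording appears in the exit-code hunk and could be aligned.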
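Review bot: In the setuidgid.c hunk, initgroups() is called but the patch adds no #include <grp.h>: the diffstat shows only these 4 insertions, all inside main(). Please confirm the file already pulls in that header, or add it, so the call is not compiled against an implicit declaration. Two smaller points on the same lines: the message "unable to initgroup: " should read "unable to initgroups: " to match the function name, and testing "== -1" would match the neighbouring prot_gid and prot_uid checks. The placement between prot_gid and prot_uid is right, since the group list has to be set before the uid is dropped.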