On Wed, Dec 29, 2010 at 11:43 AM, Roberto De Ioris <[email protected]> wrote:
>
> > Hi,
> >
> > Thanks for the fast response. :D
> >
> > I tried to change the groups with os.setgroups(), but as the actual
> > gid is 1001 I can't modify it to [1001], and os.getgroups() returns
> > [0]. I'm curious now if this is something that I should worry about,
> > what I see is that the user is correctly controlled by the permissions
> > given in gid and uid, and the group 0 in the groups is meaningless. Am
> > I wrong with this?
>
>
> Sadly you should worry about this :(
>
> If you have some data that has group ownership by root, uwsgi can access
> them.
>
> If you cannot wait till tomorrow you can add these lines in utils.c (after
> the setgid() block)
>
>
>     if (setgroups(0, NULL)) {
>         uwsgi_error("setgroups()");
>         exit(1);
>     }
>
>
I can wait :D. Thanks!!!
>
>
> --
> Roberto De Ioris
> http://unbit.it
> _______________________________________________
> uWSGI mailing list
> [email protected]
> http://lists.unbit.it/cgi-bin/mailman/listinfo/uwsgi
>
--
Jorge Eduardo Cardona
[email protected]
jorgeecardona.blogspot.com
------------------------------------------------
Linux registered user #391186
Registered machine #291871
------------------------------------------------
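
The privilege drop discussed in this thread, written out as an added example (not part of the original messages and not uWSGI's own code). It assumes Linux/glibc; the function names `count_extra_groups`, `leftover_groups` and `drop_privileges` are hypothetical, and the sample group list is constructed from the values reported above.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Count entries of a supplementary group list that differ from the target
 * gid. Pure helper, so the check can be run on constructed input. */
int count_extra_groups(const gid_t *groups, int n, gid_t gid) {
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != gid) extra++;
    return extra;
}

/* Same count for the calling process; -1 on error. */
int leftover_groups(gid_t gid) {
    int n = getgroups(0, NULL);               /* size query only */
    if (n < 0) return -1;
    if (n == 0) return 0;
    gid_t *list = malloc((size_t)n * sizeof(gid_t));
    if (!list) return -1;
    n = getgroups(n, list);
    int extra = (n < 0) ? -1 : count_extra_groups(list, n, gid);
    free(list);
    return extra;
}

/* Drop from root to uid/gid. setgroups() needs privilege, so it has to run
 * before setuid(). Returns 0 on success, -1 on any failure. */
int drop_privileges(uid_t uid, gid_t gid) {
    if (setgid(gid))          { perror("setgid()");    return -1; }
    if (setgroups(0, NULL))   { perror("setgroups()"); return -1; }
    if (setuid(uid))          { perror("setuid()");    return -1; }
    /* Verify the result instead of trusting the return codes alone. */
    if (leftover_groups(gid) != 0) return -1;      /* inherited groups remain */
    if (uid != 0 && setuid(0) == 0) return -1;     /* root can be regained */
    return 0;
}

int main(void) {
    gid_t reported[] = { 0 };   /* constructed: os.getgroups() == [0], gid 1001 */
    printf("extra groups in reported state: %d\n",
           count_extra_groups(reported, 1, 1001));
    printf("extra groups in this process: %d\n", leftover_groups(getgid()));
    return 0;
}
```

`drop_privileges()` only succeeds when started as root; `leftover_groups()` can be called from any process to audit what it inherited.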