40fbc18253
Initial package for hsflowd OBS-URL: https://build.opensuse.org/request/show/732954 OBS-URL: https://build.opensuse.org/package/show/server:monitoring/hsflowd?expand=0&rev=1
18 lines
786 B
Diff
18 lines
786 B
Diff
--- a/src/Linux/hsflowd.c
|
|
+++ b/src/Linux/hsflowd.c
|
|
@@ -1402,6 +1402,14 @@ extern "C" {
|
|
myLog(LOG_ERR, "drop_privileges: user 'nobody' not found");
|
|
exit(EXIT_FAILURE);
|
|
}
|
|
+ // When dropping privileges from root, the `setgroups` call will
|
|
+ // remove any extraneous groups. If we don't call this, then
|
|
+ // even though our uid has dropped, we may still have groups
|
|
+ // that enable us to do super-user things. This will fail if we
|
|
+ // aren't root, so don't bother checking the return value, this
|
|
+ // is just done as an optimistic privilege dropping function.
|
|
+ setgroups(0, NULL);
|
|
+
|
|
if(setgid(nobody->pw_gid) != 0) {
|
|
myLog(LOG_ERR, "drop_privileges: setgid(%d) failed : %s", nobody->pw_gid, strerror(errno));
|
|
exit(EXIT_FAILURE);
|