mcelog/fix_setgroups_missing_call.patch

---
 mcelog.c |    9 +++++++++
 1 file changed, 9 insertions(+)

Index: mcelog-198/mcelog.c
===================================================================
--- mcelog-198.orig/mcelog.c
+++ mcelog-198/mcelog.c
@@ -37,6 +37,7 @@
 #include <assert.h>
 #include <signal.h>
 #include <pwd.h>
+#include <grp.h>
 #include <sys/wait.h>
 #include <fnmatch.h>
 #include "mcelog.h"
@@ -1163,6 +1164,14 @@ static void general_setup(void)
 
 static void drop_cred(void)
 {
+	/* When dropping privileges from root, the `setgroups` call will
+	 * remove any extraneous groups. If we don't call this, then
+	 * even though our uid has dropped, we may still have groups
+	 * that enable us to do super-user things. This will fail if we
+	 * aren't root, so don't bother checking the return value, this
+	 * is just done as an optimistic privilege dropping function.
+	 */
+	setgroups(0, NULL);
 	if (runcred.uid != -1U && runcred.gid == -1U) {
 		struct passwd *pw = getpwuid(runcred.uid);
 		if (pw)
Accepting request 867001 from home:trenn:branches:Base:System - Update to version 175 (jsc#SLE-14450): * mcelog: Add a test case to test page error counter replacement. * mcelog: Use 'num-errors' to specify the number of mce records to be injected. * mcelog: Report how often the replacement of page CE counter happened * mcelog: Limit memory consumption for counting CEs per page * mcelog: Add support for Sapphirerapids server. (jsc#SLE-14450) * mcelog: i10nm: Fix mapping from bank number to functional unit - Only refreshing patches, due to tarball modifications: M Start-consolidating-AMD-specific-stuff.patch M add-f10h-support.patch M add-f11h-support.patch M add-f12h-support.patch M add-f14h-support.patch M add-f15h-support.patch M add-f16h-support.patch M email.patch M fix_setgroups_missing_call.patch M mcelog_invert_prefill_db_warning.patch OBS-URL: https://build.opensuse.org/request/show/867001 OBS-URL: https://build.opensuse.org/package/show/Base:System/mcelog?expand=0&rev=90 2021-01-27 09:15:07 +01:00			`---`
			`mcelog.c \| 9 +++++++++`
			`1 file changed, 9 insertions(+)`

Accepting request 1173682 from home:trenn:branches:Base:System - Update to version 198: * Remove obsolete on disk dimm database code * page.c: Disable gcc warnings * page.c: Remove obsolete comment * mcelog: Fix clang warnings * mcelog: mempage_replace missing initialization of mempage fields * mcelog: Add third model number for Arrowlake - Refresh patches according to mainline: M add-f10h-support.patch M email.patch M fix_setgroups_missing_call.patch M mcelog_invert_prefill_db_warning.patch OBS-URL: https://build.opensuse.org/request/show/1173682 OBS-URL: https://build.opensuse.org/package/show/Base:System/mcelog?expand=0&rev=111 2024-05-14 08:52:51 +02:00			`Index: mcelog-198/mcelog.c`
Accepting request 974669 from home:kodymo - Update to version 181: * mcelog: Add support for Raptorlake - Adopt patches to latest git version M Start-consolidating-AMD-specific-stuff.patch M add-f10h-support.patch M add-f11h-support.patch M add-f12h-support.patch M add-f14h-support.patch M add-f15h-support.patch M add-f16h-support.patch M email.patch M fix_setgroups_missing_call.patch M mcelog_invert_prefill_db_warning.patch - Use Python3 shebang instead of python A python3_shebang - Use Github URL - Update to version 180: * Fix warnings in sysfs.c * mcelog: Change "DDR4" string to "DDR" for i10nm platforms * Fix logrotate syntax * remove outdated mcelog.conf.5 manual file * add furture print function for Python2 * fix python errors in genconfig.py * fix the buf not freed in read_field * mcelog: Print warning for locked down kernel * mcelog: Handle sysfs files without length * Fix make test fail OBS-URL: https://build.opensuse.org/request/show/974669 OBS-URL: https://build.opensuse.org/package/show/Base:System/mcelog?expand=0&rev=99 2022-05-03 16:52:12 +02:00			`===================================================================`
Accepting request 1173682 from home:trenn:branches:Base:System - Update to version 198: * Remove obsolete on disk dimm database code * page.c: Disable gcc warnings * page.c: Remove obsolete comment * mcelog: Fix clang warnings * mcelog: mempage_replace missing initialization of mempage fields * mcelog: Add third model number for Arrowlake - Refresh patches according to mainline: M add-f10h-support.patch M email.patch M fix_setgroups_missing_call.patch M mcelog_invert_prefill_db_warning.patch OBS-URL: https://build.opensuse.org/request/show/1173682 OBS-URL: https://build.opensuse.org/package/show/Base:System/mcelog?expand=0&rev=111 2024-05-14 08:52:51 +02:00			`--- mcelog-198.orig/mcelog.c`
			`+++ mcelog-198/mcelog.c`
Accepting request 282545 from home:trenn:branches:Base:System - Update to version 1.0.8 - Remove patch which got integrated mainline: 0001-Continue-without-dmi-when-no-SMBIOS-or-SMBIOS-0x0-in.patch - Fix possible security issue, build service complained about: missing-call-to-setgroups-before-setuid Add fix_setgroups_missing_call.patch OBS-URL: https://build.opensuse.org/request/show/282545 OBS-URL: https://build.opensuse.org/package/show/Base:System/mcelog?expand=0&rev=49 2015-01-23 13:50:02 +01:00			`@@ -37,6 +37,7 @@`
			`#include <assert.h>`
			`#include <signal.h>`
			`#include <pwd.h>`
			`+#include <grp.h>`
			`#include <sys/wait.h>`
			`#include <fnmatch.h>`
			`#include "mcelog.h"`
Accepting request 1173682 from home:trenn:branches:Base:System - Update to version 198: * Remove obsolete on disk dimm database code * page.c: Disable gcc warnings * page.c: Remove obsolete comment * mcelog: Fix clang warnings * mcelog: mempage_replace missing initialization of mempage fields * mcelog: Add third model number for Arrowlake - Refresh patches according to mainline: M add-f10h-support.patch M email.patch M fix_setgroups_missing_call.patch M mcelog_invert_prefill_db_warning.patch OBS-URL: https://build.opensuse.org/request/show/1173682 OBS-URL: https://build.opensuse.org/package/show/Base:System/mcelog?expand=0&rev=111 2024-05-14 08:52:51 +02:00			`@@ -1163,6 +1164,14 @@ static void general_setup(void)`
Accepting request 282545 from home:trenn:branches:Base:System - Update to version 1.0.8 - Remove patch which got integrated mainline: 0001-Continue-without-dmi-when-no-SMBIOS-or-SMBIOS-0x0-in.patch - Fix possible security issue, build service complained about: missing-call-to-setgroups-before-setuid Add fix_setgroups_missing_call.patch OBS-URL: https://build.opensuse.org/request/show/282545 OBS-URL: https://build.opensuse.org/package/show/Base:System/mcelog?expand=0&rev=49 2015-01-23 13:50:02 +01:00
			`static void drop_cred(void)`
			`{`
			+ /* When dropping privileges from root, the `setgroups` call will
			`+ * remove any extraneous groups. If we don't call this, then`
			`+ * even though our uid has dropped, we may still have groups`
			`+ * that enable us to do super-user things. This will fail if we`
			`+ * aren't root, so don't bother checking the return value, this`
			`+ * is just done as an optimistic privilege dropping function.`
			`+ */`
			`+ setgroups(0, NULL);`
			`if (runcred.uid != -1U && runcred.gid == -1U) {`
			`struct passwd *pw = getpwuid(runcred.uid);`
			`if (pw)`