rsync 2.5.3 (not released yet)
+ SECURITY FIXES:
+
+ * Make sure that supplementary groups are removed from a server
+ process after changing uid and gid. (Ethan Benson)
+
ENHANCEMENTS:
* Command to initiate connections is only shown with -vv, rather
return -1;
}
+#ifdef HAVE_SETGROUPS
+ /* Get rid of any supplementary groups this process
+ * might have inheristed. */
+ if (setgroups(0, NULL)) {
+ rsyserr(FERROR, errno, "setgroups failed");
+ io_printf(fd, "@ERROR: setgroups failed\n");
+ return -1;
+ }
+#endif
+
am_root = (getuid() == 0);
}
AC_CHECK_FUNCS(waitpid wait4 getcwd strdup strerror chown chmod mknod)
AC_CHECK_FUNCS(fchmod fstat strchr readlink link utime utimes strftime)
AC_CHECK_FUNCS(memmove lchown vsnprintf snprintf asprintf setsid glob strpbrk)
-AC_CHECK_FUNCS(strlcat strlcpy mtrace mallinfo)
+AC_CHECK_FUNCS(strlcat strlcpy mtrace mallinfo setgroups)
AC_CACHE_CHECK([for working socketpair],rsync_cv_HAVE_SOCKETPAIR,[
AC_TRY_RUN([
len = vsnprintf(buf, sizeof(buf), format, ap);
va_end(ap);
+ /* TODO: Put in RSYNC_NAME at the start. */
+
if ((size_t) len > sizeof(buf)-1)
exit_cleanup(RERR_MESSAGEIO);
Matt McCutchen's Web Site / rsync / rsync.git / commitdiff