Make setgroups(0,0) unconditional -- accidentally thinking we have

don't it on a machine that does have supplementary groups would be a
security hole.  If this breaks anything we'll fix it later.

diff --git a/clientserver.c b/clientserver.c
index 2bab6aa..93a1eef 100644 (file)
--- a/clientserver.c
+++ b/clientserver.c
@@ -285,7 +285,6 @@ static int rsync_module(int fd, int i)
        }
 
        if (am_root) {
-#ifdef HAVE_SETGROUPS
                /* Get rid of any supplementary groups this process
                 * might have inheristed. */
                if (setgroups(0, NULL)) {
@@ -293,7 +292,6 @@ static int rsync_module(int fd, int i)
                        io_printf(fd, "@ERROR: setgroups failed\n");
                        return -1;
                }
-#endif
 
                /* XXXX: You could argue that if the daemon is started
                 * by a non-root user and they explicitly specify a

diff --git a/configure.in b/configure.in
index 9e50c42..ec143ee 100644 (file)
--- a/configure.in
+++ b/configure.in
@@ -5,7 +5,7 @@ AC_CONFIG_SRCDIR([byteorder.h])
 AC_CONFIG_HEADER(config.h)
 AC_PREREQ(2.52)
 
-RSYNC_VERSION=2.5.3pre1
+RSYNC_VERSION=2.5.3pre2
 AC_SUBST(RSYNC_VERSION)
 AC_MSG_NOTICE([Configuring rsync $RSYNC_VERSION])
 
@@ -362,7 +362,7 @@ AC_FUNC_UTIME_NULL
 AC_CHECK_FUNCS(waitpid wait4 getcwd strdup strerror chown chmod mknod)
 AC_CHECK_FUNCS(fchmod fstat strchr readlink link utime utimes strftime)
 AC_CHECK_FUNCS(memmove lchown vsnprintf snprintf asprintf setsid glob strpbrk)
-AC_CHECK_FUNCS(strlcat strlcpy mtrace mallinfo setgroups)
+AC_CHECK_FUNCS(strlcat strlcpy mtrace mallinfo)
 
 AC_CACHE_CHECK([for working socketpair],rsync_cv_HAVE_SOCKETPAIR,[
 AC_TRY_RUN([