You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@spamassassin.apache.org by si...@apache.org on 2022/09/21 20:38:43 UTC

svn commit: r1904201 - /spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm

Author: sidney
Date: Wed Sep 21 20:38:43 2022
New Revision: 1904201

URL: http://svn.apache.org/viewvc?rev=1904201&view=rev
Log:
Bug 8043 - Don't try and fail to setgid to drop privs when spamd started with a supplemental group without privs

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm?rev=1904201&r1=1904200&r2=1904201&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Util.pm Wed Sep 21 20:38:43 2022
@@ -1891,8 +1891,9 @@ sub setuid_to_euid {
   my $gids = get_user_groups($touid);
   my ( $pgid, $supgs ) = split (' ',$gids,2);
   defined $supgs or $supgs=$pgid;
-  if ($( != $pgid) {
-    # Gotta be root for any of this to work
+  my $prgid = 0 + $(; # bug 8043 - Only set rgid if it isn't already one of the euid's groups
+  if ( ($prgid == 0) or not (grep { $_ == $prgid } split(/ /, ${(}))) {
+    # setgid only works if euid is root, have to set that temporarily
     $> = 0;
     if ($> != 0) { warn("util: seteuid to 0 failed: $!"); }
     dbg("util: changing real primary gid from $( to $pgid and supplemental groups to $supgs to match effective uid $touid");