* Urgh. Do setgid() before setuid(), because the semantics of setgid()

changes completely depending on whether you're root...
This commit is contained in:
Eelco Dolstra 2006-12-05 18:28:15 +00:00
parent 6f0d050324
commit 44cad9630f

View file

@ -1364,13 +1364,13 @@ void DerivationGoal::startBuilder()
if (setgroups(0, 0) == -1) if (setgroups(0, 0) == -1)
throw SysError("cannot clear the set of supplementary groups"); throw SysError("cannot clear the set of supplementary groups");
setuid(buildUser.getUID());
assert(getuid() == buildUser.getUID());
assert(geteuid() == buildUser.getUID());
setgid(gidBuildGroup); setgid(gidBuildGroup);
assert(getgid() == gidBuildGroup); assert(getgid() == gidBuildGroup);
assert(getegid() == gidBuildGroup); assert(getegid() == gidBuildGroup);
setuid(buildUser.getUID());
assert(getuid() == buildUser.getUID());
assert(geteuid() == buildUser.getUID());
} }
/* Execute the program. This should not return. */ /* Execute the program. This should not return. */