From 25ef0f44a4d150d8a3571906475ed3d567ee7f4a Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sun, 15 Dec 2019 20:13:04 +0000 Subject: [PATCH 1/1] GNU/Hurd: handle platform-specific behaviour of setgroups() --- src/OS/os.h-GNU | 4 ++++ src/src/exim.c | 10 +++++++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/OS/os.h-GNU b/src/OS/os.h-GNU index 44993163d..1de2e3e84 100644 --- a/src/OS/os.h-GNU +++ b/src/OS/os.h-GNU @@ -20,4 +20,8 @@ typedef struct flock flock_t; /* default is non-const */ #define ICONV_ARG2_TYPE const char ** +/* setgroups(0, NULL) succeeds, and drops the gid group +as well as any supplementary groups*/ +#define OS_SETGROUPS_ZERO_DROPS_ALL + /* End */ diff --git a/src/src/exim.c b/src/src/exim.c index 477b82aa4..f0feaf5bd 100644 --- a/src/src/exim.c +++ b/src/src/exim.c @@ -3642,7 +3642,11 @@ since you have to be root to run it, even if throwing away groups. Not being root here happens only in some unusual configurations. We just ignore the error. */ -if (setgroups(0, NULL) != 0 && setgroups(1, group_list) != 0 && !unprivileged) +if ( +#ifndef OS_SETGROUPS_ZERO_DROPS_ALL + setgroups(0, NULL) != 0 && +#endif + setgroups(1, group_list) != 0 && !unprivileged) exim_fail("exim: setgroups() failed: %s\n", strerror(errno)); /* If the configuration file name has been altered by an argument on the @@ -4289,8 +4293,8 @@ else if (!(unprivileged || removed_privilege)) exim_fail("exim: changing group failed: %s\n", strerror(errno)); else - DEBUG(D_any) debug_printf("changing group to %ld failed: %s\n", - (long int)exim_gid, strerror(errno)); + DEBUG(D_any) debug_printf("changing group to %ld failed: %d: %s\n", + (long int)exim_gid, errno, strerror(errno)); } /* Handle a request to scan a file for malware */ -- 2.30.2