drop priv groups as well as uid.

author Neil Brown <neilb@notabene.brown>

Fri, 20 Apr 2007 02:42:29 +0000 (12:42 +1000)

committer Neil Brown <neilb@notabene.brown>

Fri, 20 Apr 2007 02:42:29 +0000 (12:42 +1000)
author Neil Brown <neilb@notabene.brown>
Fri, 20 Apr 2007 02:42:29 +0000 (12:42 +1000)
committer Neil Brown <neilb@notabene.brown>
Fri, 20 Apr 2007 02:42:29 +0000 (12:42 +1000)
diff --git a/pmap_check.c b/pmap_check.c

index b716be4c8e704517a61f10f1fc9c9b52140939b5..2b8914e04a5c69832ed243086567fdbe1e7bbb39 100644 (file)
--- a/pmap_check.c
+++ b/pmap_check.c
@@ -50,6 +50,7 @@ sccsid[] = "@(#) pmap_check.c 1.8 96/07/07 10:49:10";
  #endif
  #include <tcpd.h>
  #include <arpa/inet.h>
+#include <grp.h>
  
  #include "pmap_check.h"
  
@@ -105,6 +106,8 @@ void check_startup(void)
       * Give up root privileges so that we can never allocate a privileged
       * port when forwarding an rpc request.
       */
+    setgid(1);
+    setgroups(0, NULL);
      if (setuid(1) == -1) {
         syslog(LOG_ERR, "setuid(1) failed: %m");
         exit(1);
author	Neil Brown <neilb@notabene.brown>
	Fri, 20 Apr 2007 02:42:29 +0000 (12:42 +1000)
committer	Neil Brown <neilb@notabene.brown>
	Fri, 20 Apr 2007 02:42:29 +0000 (12:42 +1000)