On Thu, 12 Jun 1997, Chris Harris wrote:
> I have a primary exim binary (called "exim") that I compiled just fine and
> that works just fine. However, when I tried today to compile a second
> exim binary (called "exim3") for mailing list distribution pruposes, I ran
> into trouble. When I run the "exim3" binary as anyone except root, the
> process dies with a "setgroups() failed: Operation not permitted" error.
> The error seems odd, since I thought setgroups() would only be called when
> the binary was run as root. Have I screwed up somewhere in my Makefile or
> config file, do you think? What excepts would be relivant to provide?
Fixed in the next release of Exim. Change the code that calls
setgroups() in exim.c to read
if (setgroups(0, NULL) != 0)
{
if (setgroups(1, group_list) != 0 && geteuid() == root_uid)
{
fprintf(stderr, "exim: setgroups() failed: %s\n", strerror(errno));
exit(EXIT_FAILURE);
}
}
The change is the addition of "&& geteuid() == root_uid". I didn't
realise that even throwing away groups required root privilege.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714
