Re: [exim] After upgrade to Exim 4.95 or 4.96: "setgroups: I…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MLasse Törngren at <-
MLasse Törngren at ->
Delete this message
Reply to this message
Author: Andrew C Aitchison
Date:  
To: Lasse Törngren
CC: exim-users
Subject: Re: [exim] After upgrade to Exim 4.95 or 4.96: "setgroups: Invalid argument"
On Wed, 21 Sep 2022, Lasse Törngren via Exim-users wrote:

> Hello Martin,
>
> I tried your patching of the code and I am getting this error:
> The changed code in priv.c:
>
> if (priv_euid == root_uid)
>   {
>   if (seteuid(priv_euid) != 0)
>     log_write(0, LOG_PANIC_DIE, "seteuid(%d): %s", priv_euid, strerror(errno));
>   if (setegid(priv_egid) != 0)
>     log_write(0, LOG_PANIC_DIE, "setegid(%d): %s", priv_egid, strerror(errno)); 
>   /*if (priv_ngroups > 0 && setgroups(priv_ngroups, priv_groups) != 0)*/
>   if (priv_ngroups > 0 && setgroups(priv_ngroups, priv_groups) != 0
>    
>
> #ifndef OS_SETGROUPS_ZERO_DROPS_ALL
>    && setgroups(0, NULL) != 0
> #endif
>    && setgroups(1, group_list) != 0)
>  
>     log_write(0, LOG_PANIC_DIE, "exim priv_restore setgroups: %s", strerror(errno));
>   if (geteuid() != priv_euid)
>     log_write(0, LOG_PANIC_DIE, "getdeuid() != %d", priv_euid);
>   if (getegid() != priv_egid)
>     log_write(0, LOG_PANIC_DIE, "getdegid() != %d", priv_egid);
>   }
>
> Error when compiling:
>
> cc priv.c
> priv.c:72:20: error: use of undeclared identifier 'group_list'; did you mean 'lookup_list'?
>   && setgroups(1, group_list) != 0)
>                   ^~~~~~~~~~
>                   lookup_list
> ./globals.h:713:22: note: 'lookup_list' declared here
> extern lookup_info **lookup_list;      /* Array of pointers to available lookups */
>                     ^
> 1 error generated.
> make[1]: *** [priv.o] Error 1
> make: *** [all] Error 2

I have attached a patch which I believe does what Martin suggested.
This puts the 3 lines of the #ifdef in the middle of the if condition
that calls setgroups.

Thanks for confirming that the error does happen in
the function priv_restore(). 

-- 
Andrew C. Aitchison                      Kendal, UK
                    andrew@???
--- src/priv.c
+++ src/priv.c
@@ -63,7 +63,11 @@
     log_write(0, LOG_PANIC_DIE, "seteuid(%d): %s", priv_euid, strerror(errno));
   if (setegid(priv_egid) != 0)
     log_write(0, LOG_PANIC_DIE, "setegid(%d): %s", priv_egid, strerror(errno));
-  if (priv_ngroups > 0 && setgroups(priv_ngroups, priv_groups) != 0)
+  if (priv_ngroups > 0
+#ifndef OS_SETGROUPS_ZERO_DROPS_ALL
+      && setgroups(0, NULL) != 0
+#endif
+      && setgroups(priv_ngroups, priv_groups) != 0)
     log_write(0, LOG_PANIC_DIE, "setgroups: %s", strerror(errno));
 
   if (geteuid() != priv_euid)

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-[exim] SMTPUTF8 Authentication and loggingRe: [exim] SMTPUTF8 Authentication and logging->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)