From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 21 Apr 2007 05:14:37 +0000 (-0400)
Subject: [Bug 812] ntpd should drop supplementary groups
X-Git-Tag: NTP_4_2_5P25~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aa45b565d11c96b0d21b4e0f1cd81e84570de835;p=thirdparty%2Fntp.git

[Bug 812] ntpd should drop supplementary groups

bk: 46299dbdLtk4lwQNbmEFLHH2xYWeog
---

diff --git a/ntpd/ntpd.c b/ntpd/ntpd.c
index 5248c1bf2..9a8eed57b 100644
--- a/ntpd/ntpd.c
+++ b/ntpd/ntpd.c
@@ -874,13 +874,31 @@ ntpdmain(
 				sw_uid = (uid_t)strtoul(user, &endp, 0);
 				if (*endp != '\0') 
 					goto getuser;
+
+				if ((pw = getpwuid(sw_uid)) != NULL) {
+					user = strdup(pw->pw_name);
+					if (NULL == user) {
+						msyslog(LOG_ERR, "strdup() failed: %m");
+						exit (-1);
+					}
+					sw_gid = pw->pw_gid;
+				} else {
+					errno = 0;
+					msyslog(LOG_ERR, "Cannot find user ID %s", user);
+					exit (-1);
+				}
+
 			} else {
 getuser:	
+				errno = 0;
 				if ((pw = getpwnam(user)) != NULL) {
 					sw_uid = pw->pw_uid;
+					sw_gid = pw->pw_gid;
 				} else {
-					errno = 0;
-					msyslog(LOG_ERR, "Cannot find user `%s'", user);
+					if (errno)
+					    msyslog(LOG_ERR, "getpwnam(%s) failed: %m", user);
+					else
+					    msyslog(LOG_ERR, "Cannot find user `%s'", user);
 					exit (-1);
 				}
 			}
@@ -913,6 +931,10 @@ getgroup:
 				exit (-1);
 			}
 		}
+		if (user && initgroups(user, sw_gid)) {
+			msyslog(LOG_ERR, "Cannot initgroups() to user `%s': %m", user);
+			exit (-1);
+		}
 		if (group && setgid(sw_gid)) {
 			msyslog(LOG_ERR, "Cannot setgid() to group `%s': %m", group);
 			exit (-1);