From: Samuel Thibault Date: Fri, 18 Jul 2025 21:14:40 +0000 (+0200) Subject: hurd: support: Fix running SGID tests X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ad4589e2d834c80a042a8c354fb00cf33e06802c;p=thirdparty%2Fglibc.git hurd: support: Fix running SGID tests Secure mode is enabled only if SGID actually provides a new privilege, so we have to drop it before gaining it again. Fixes commit 3a3fb2ed83f79100c116c824454095ecfb335ad7 ("Fix error reporting (false negatives) in SGID tests") --- diff --git a/support/support_capture_subprocess.c b/support/support_capture_subprocess.c index b4e4bf9502..c89e65b534 100644 --- a/support/support_capture_subprocess.c +++ b/support/support_capture_subprocess.c @@ -133,6 +133,27 @@ copy_and_spawn_sgid (const char *child_id, gid_t gid) if (chmod (execname, 02750) != 0) FAIL_UNSUPPORTED ("cannot make \"%s\" SGID: %m ", execname); + /* Now we can drop the privilege of that group. */ + const int count = 64; + gid_t groups[count]; + int ngroups = getgroups(count, groups); + + if (ngroups < 0) + FAIL_UNSUPPORTED ("Could not get group list again for user %jd\n", + (intmax_t) getuid ()); + + int n = 0; + for (int i = 0; i < ngroups; i++) + { + if (groups[i] != gid) + { + if (n != i) + groups[n] = groups[i]; + n++; + } + } + setgroups (n, groups); + /* We have the binary, now spawn the subprocess. Avoid using support_subprogram because we only want the program exit status, not the contents. */