capabilities: initialize supplementary groups only when doing a setuid()

author Martin Willi <martin@revosec.ch>

Wed, 8 May 2013 12:58:28 +0000 (14:58 +0200)

committer Martin Willi <martin@revosec.ch>

Wed, 15 May 2013 15:20:47 +0000 (17:20 +0200)
author Martin Willi <martin@revosec.ch>
Wed, 8 May 2013 12:58:28 +0000 (14:58 +0200)
committer Martin Willi <martin@revosec.ch>
Wed, 15 May 2013 15:20:47 +0000 (17:20 +0200)
diff --git a/src/libstrongswan/utils/capabilities.c b/src/libstrongswan/utils/capabilities.c

index 44a14496c505d16f200fbd40638c9765486866d2..c58ce2fdf6659fa509425ad9ee05cefd3324f6af 100644 (file)
--- a/src/libstrongswan/utils/capabilities.c
+++ b/src/libstrongswan/utils/capabilities.c
@@ -225,7 +225,7 @@ METHOD(capabilities_t, drop, bool,
         prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0);
  #endif
  
-       if (!init_supplementary_groups(this))
+       if (this->uid && !init_supplementary_groups(this))
         {
                 DBG1(DBG_LIB, "initializing supplementary groups for %u failed",
                          this->uid);
author	Martin Willi <martin@revosec.ch>
	Wed, 8 May 2013 12:58:28 +0000 (14:58 +0200)
committer	Martin Willi <martin@revosec.ch>
	Wed, 15 May 2013 15:20:47 +0000 (17:20 +0200)