Merge pull request #15 from rainisto/master

[mapplauncherd] drop setgid from processes that are not isPrivileged()
12 years ago · 30d2007c5e
parent 2265cc2e0f 764fd9f3ad
commit 30d2007c5e
1 changed files with 6 additions and 3 deletions
--- a/src/launcherlib/booster.cpp
+++ b/src/launcherlib/booster.cpp
@ -403,12 +403,15 @@ void Booster::setEnvironmentBeforeLaunch()
        if (getgid() != m_appData->groupId())
            setgid(m_appData->groupId());

-        // Flip the effective group ID forth and back to a dedicated group
+        // Flip the real group ID forth and back to a dedicated group
        // id to generate an event for policy (re-)classification.
-        gid_t orig = getegid();
+        // Using real ID instead of effective for dropping setgid
+        // from calling process (for example lipstick).
+        gid_t orig = getgid();

        setegid(m_boosted_gid);
-        setegid(orig);
+        if (setregid(orig, orig) == -1) 
+            Logger::logError("Failed to set process gid to %d, %s", orig, strerror(errno));
    }

    // Reset out-of-memory killer adjustment