authorTed Gould <ted@gould.cx>2012-08-30 11:58:02 -0500
committerTed Gould <ted@gould.cx>2012-08-30 11:58:02 -0500
commitf839484b45f89e62a3e635c35402ebd807e78499 (patch)
tree27c72759b77fef065c7a5c8681bd2b7e8e35c1ee
parent3058f050cdb8f65f176281a82def12804ae85d05 (diff)
Clear the groups when dropping privs
-rw-r--r--src/pam-freerdp.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index ed83402..90686a9 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -27,6 +27,7 @@
#include <sys/mman.h>
#include <sys/un.h>
#include <pwd.h>
+#include <grp.h>
#include <security/pam_modules.h>
#include <security/pam_modutil.h>
@@ -238,6 +239,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
_exit(EXIT_FAILURE);
}
+ if (setgroups(1, &pwdent->pw_gid) != 0) {
+ _exit(EXIT_FAILURE);
+ }
+
if (clearenv() != 0) {
_exit(EXIT_FAILURE);
}
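Review bot: The new `setgroups(1, &pwdent->pw_gid)` call only succeeds while the process still holds CAP_SETGID, so it has to run before the uid is dropped. The check directly above it lies outside the hunk; if that check is the setgid()/setuid() drop, setgroups() will fail with EPERM and the child will always take the `_exit(EXIT_FAILURE)` path. The identical addition in session_socket_handler has the same ordering question. The usual sequence is setgroups() (or initgroups()), then setgid(), then setuid(), and a comment such as `/* Supplementary groups must be cleared while still privileged */` would record why. Both functions begin and end outside the hunks, so the order should be confirmed against the full file.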
@@ -305,6 +310,11 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse
return EXIT_FAILURE;
}
+ if (setgroups(1, &pwdent->pw_gid) != 0) {
+ /* Don't need to clean up yet */
+ return EXIT_FAILURE;
+ }
+
if (clearenv() != 0) {
/* Don't need to clean up yet */
return EXIT_FAILURE;