diff options
author | Ted Gould <ted@gould.cx> | 2012-08-30 11:58:02 -0500 |
---|---|---|
committer | Ted Gould <ted@gould.cx> | 2012-08-30 11:58:02 -0500 |
commit | f839484b45f89e62a3e635c35402ebd807e78499 (patch) | |
tree | 27c72759b77fef065c7a5c8681bd2b7e8e35c1ee /src | |
parent | 3058f050cdb8f65f176281a82def12804ae85d05 (diff) | |
download | libpam-freerdp2-f839484b45f89e62a3e635c35402ebd807e78499.tar.gz libpam-freerdp2-f839484b45f89e62a3e635c35402ebd807e78499.tar.bz2 libpam-freerdp2-f839484b45f89e62a3e635c35402ebd807e78499.zip |
Clear the groups when dropping privs
Diffstat (limited to 'src')
-rw-r--r-- | src/pam-freerdp.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c index ed83402..90686a9 100644 --- a/src/pam-freerdp.c +++ b/src/pam-freerdp.c @@ -27,6 +27,7 @@ #include <sys/mman.h> #include <sys/un.h> #include <pwd.h> +#include <grp.h> #include <security/pam_modules.h> #include <security/pam_modutil.h> @@ -238,6 +239,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv) _exit(EXIT_FAILURE); } + if (setgroups(1, &pwdent->pw_gid) != 0) { + _exit(EXIT_FAILURE); + } + if (clearenv() != 0) { _exit(EXIT_FAILURE); } @@ -305,6 +310,11 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse return EXIT_FAILURE; } + if (setgroups(1, &pwdent->pw_gid) != 0) { + /* Don't need to clean up yet */ + return EXIT_FAILURE; + } + if (clearenv() != 0) { /* Don't need to clean up yet */ return EXIT_FAILURE; |