author | Ted Gould <ted@gould.cx> | 2012-08-30 11:58:02 -0500 |
---|---|---|
committer | Ted Gould <ted@gould.cx> | 2012-08-30 11:58:02 -0500 |
commit | 5d0541a98e4485c6d28480088f449261d9cd68aa (patch) | |
tree | 27c72759b77fef065c7a5c8681bd2b7e8e35c1ee | |
parent | fc6dac468200850eda982bc3a9f4d7f4a0cf4311 (diff) | |
Clear the groups when dropping privs
-rw-r--r-- | src/pam-freerdp.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index ed83402..90686a9 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -27,6 +27,7 @@
 #include <sys/mman.h>
 #include <sys/un.h>
 #include <pwd.h>
+#include <grp.h>
 #include <security/pam_modules.h>
 #include <security/pam_modutil.h>
@@ -238,6 +239,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
 _exit(EXIT_FAILURE);
 }
+ if (setgroups(1, &pwdent->pw_gid) != 0) {
+ _exit(EXIT_FAILURE);
+ }
+
 if (clearenv() != 0) {
 _exit(EXIT_FAILURE);
 }
@@ -305,6 +310,11 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse
 return EXIT_FAILURE;
 }
+ if (setgroups(1, &pwdent->pw_gid) != 0) {
+ /* Don't need to clean up yet */
+ return EXIT_FAILURE;
+ }
+
 if (clearenv() != 0) {
 /* Don't need to clean up yet */
 return EXIT_FAILURE; |
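Review bot: Both new `setgroups(1, &pwdent->pw_gid)` calls, in pam_sm_authenticate and in session_socket_handler, are placed after an earlier failure check whose condition lies outside these hunks; if that check is the setgid()/setuid() drop the commit title refers to, the order is wrong. setgroups() requires CAP_SETGID, so once the process has already switched to an unprivileged uid it fails with EPERM, and the new code then takes the `_exit(EXIT_FAILURE)` / `return EXIT_FAILURE` path every time. The supplementary groups should be cleared while the process is still privileged, i.e. the `if (setgroups(1, &pwdent->pw_gid) != 0)` block belongs before the setgid()/setuid() calls. Both functions start and end outside the hunks, so the actual call order needs to be confirmed against the full file.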