* Run the login shell or command as the given user in a new pty to prevent
* terminal injection attacks.
*
- * Copyright (C) 2016-2019 Simon Ruderich
+ * Copyright (C) 2016-2021 Simon Ruderich
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
static void drop_privileges_or_die(uid_t uid, gid_t gid) {
/* Drop all supplementary group IDs. */
+#ifdef __FreeBSD__
+ {
+ /* FreeBSD uses the first gid to set the egid of the process. */
+ gid_t egid = gid;
+ if (setgroups(1, &egid) != 0) {
+ die("setgroups");
+ }
+ if (getgroups(1, &egid) != 1) {
+ die_fmt("failed to drop all supplementary groups\n");
+ }
+ if (egid != gid) {
+ die_fmt("failed to drop all supplementary groups (egid): %d %d\n",
+ egid, gid);
+ }
+ }
+#else
if (setgroups(0, NULL) != 0) {
die("setgroups");
}
if (getgroups(0, NULL) != 0) {
die_fmt("failed to drop all supplementary groups\n");
}
+#endif
/* Dropping groups may require privileges, do that first. */
if (setresgid(gid, gid, gid) != 0) {