From: Simon Ruderich Date: Tue, 5 Oct 2021 08:50:40 +0000 (+0200) Subject: Add support for FreeBSD X-Git-Tag: 0.2~1 X-Git-Url: https://ruderich.org/simon/gitweb/?a=commitdiff_plain;h=2bd62914a0887c368ddba71f0fbcd0a01084b4b6;p=ptyas%2Fptyas.git Add support for FreeBSD Tested on FreeBSD 13.0-RELEASE-p4 but should work on all relevant versions. --- diff --git a/ptyas.c b/ptyas.c index dc5f3de..e8e1ba7 100644 --- a/ptyas.c +++ b/ptyas.c @@ -117,12 +117,29 @@ static int snprintf_or_assert(char *str, size_t size, const char *format, ...) { static void drop_privileges_or_die(uid_t uid, gid_t gid) { /* Drop all supplementary group IDs. */ +#ifdef __FreeBSD__ + { + /* FreeBSD uses the first gid to set the egid of the process. */ + gid_t egid = gid; + if (setgroups(1, &egid) != 0) { + die("setgroups"); + } + if (getgroups(1, &egid) != 1) { + die_fmt("failed to drop all supplementary groups\n"); + } + if (egid != gid) { + die_fmt("failed to drop all supplementary groups (egid): %d %d\n", + egid, gid); + } + } +#else if (setgroups(0, NULL) != 0) { die("setgroups"); } if (getgroups(0, NULL) != 0) { die_fmt("failed to drop all supplementary groups\n"); } +#endif /* Dropping groups may require privileges, do that first. */ if (setresgid(gid, gid, gid) != 0) {