nslcd drops supplemental groups when dropping privileges
Bug #1020303 reported by
ekilfoil
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nss-pam-ldapd (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
When nslcd drops privileges at startup, it calls setgroups(0, NULL) rather than the expected initgroups(
If it matters, nscd works as expected by calling getgrouplist() and then the appropriate setgroups() with the group list when it drops privileges.
The debug output from nslcd shows this happening:
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(112) done
nslcd: DEBUG: setuid(106) done
and it appears to do this intentionally in nslcd.c:
/* drop all supplemental groups */
if (setgroups(
Related branches
To post a comment you must log in.
This was changes in 0.8.11 which was uploaded as 0.8.11-1 to Debian experimental (in experimental mostly to avoid problems for the upcoming Debian stable release).