Drop supplementary groups when changing to non-root
Summary: When running HHVM as a non-root user, the UID and GID are updated correctly but the supplementary groups are not dropped. This calls initgroups() in the main thread and in the lightprocess threads so the supplementary group list is reset to that of the specified non-root user.

Reviewed By: @markw65

Differential Revision: D1193229
Otto Ebeling authored and JoelMarcey committed May 2, 2014
1 parent b645b83 commit 851fff9
Showing 2 changed files with 9 additions and 0 deletions.
7 changes: 7 additions & 0 deletions hphp/util/capability.cpp
Expand Up @@ -24,6 +24,7 @@
#include <sys/prctl.h>
#include <sys/types.h>
#include <pwd.h>
#include <grp.h>

namespace HPHP {
///////////////////////////////////////////////////////////////////////////////
Expand Down Expand Up @@ -102,6 +103,12 @@ bool Capability::ChangeUnixUser(uid_t uid) {
return false;
}

if (initgroups(pw->pw_name, pw->pw_gid) < 0) {
Logger::Error("unable to drop supplementary group privs: %s",
folly::errnoStr(errno).c_str());
return false;
}

if (pw->pw_gid == 0 || setgid(pw->pw_gid) < 0) {
Logger::Error("unable to drop gid privs: %s",
folly::errnoStr(errno).c_str());
Expand Down
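Review bot: The new initgroups() call at the top of the second hunk is correctly placed ahead of the setgid() that follows, but nothing records that this ordering is load-bearing: initgroups() needs root/CAP_SETGID, so moving it below the setgid()/setuid() calls would silently turn it into a failure. I'd add a why-comment above the call, `// Must run before setgid()/setuid(): initgroups() needs root privilege to replace the supplementary group list.` The error path is consistent with the neighbouring gid/uid checks, which is good. ChangeUnixUser begins before and ends after this hunk, so the later setuid() step is not visible here.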
2 changes: 2 additions & 0 deletions hphp/util/light-process.cpp
Expand Up @@ -25,6 +25,7 @@
#include <sys/socket.h>

#include <afdt.h>
#include <grp.h>
#include <stdlib.h>
#include <unistd.h>
#include <poll.h>
Expand Down Expand Up @@ -299,6 +300,7 @@ static void do_change_user(FILE *fin, FILE *fout) {
struct passwd *pw = getpwnam(uname.c_str());
if (pw) {
if (pw->pw_gid) {
initgroups(pw->pw_name, pw->pw_gid);
setgid(pw->pw_gid);
}
if (pw->pw_uid) {
Expand Down
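Review bot: The added `initgroups(pw->pw_name, pw->pw_gid);` discards its return value, so if it fails the light process continues with the parent's supplementary groups still attached, which is exactly the privilege this commit sets out to drop. That matches the unchecked setgid()/setuid() already in do_change_user, but the sibling change in capability.cpp checks the same call and bails out, and this path should at least do the same, e.g. `if (initgroups(pw->pw_name, pw->pw_gid) < 0 || setgid(pw->pw_gid) < 0) { /* report and abort the user switch */ }`. How do_change_user signals failure back over fout is outside the hunk, so the exact abort action needs confirming against the rest of the function.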

