From: ludo@gnu.org (Ludovic Courtès)
To: David Thompson
Cc: guix-devel@gnu.org
Subject: Re: [DMD] [PATCH] service: Change gid before uid when dropping privileges.
Date: Fri, 04 Dec 2015 15:27:12 +0100
Message-ID: <87twnyjnlr.fsf@gnu.org>
In-Reply-To: <871tb3tuek.fsf@izanagi.i-did-not-set--mail-host-address--so-tickle-me> (David Thompson's message of "Thu, 03 Dec 2015 10:37:55 -0500")

David Thompson wrote:

> Found this little order of operations issue when trying to button up the
> Transmission service.

Indeed, good catch!

> From 552eafe882e3c059525e79c0f222becb9d73eb93 Mon Sep 17 00:00:00 2001
> From: David Thompson
> Date: Thu, 3 Dec 2015 10:09:34 -0500
> Subject: [PATCH] service: Change gid before uid when dropping privileges.
>

Commit log please.  :-)

Could you send an updated patch?

I think we should also do:

  (setgroups #())

before calling ‘setgid’, and probably factorize exception handling.
Would you like to do that?

Thank you,
Ludo’.
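
The ordering discussed in this thread, shown as an added example that is not part of the original message or of dmd's code: it is written in C against the POSIX calls that Guile's `setgroups`, `setgid` and `setuid` wrap. The helper name `drop_privileges` and the id 65534 are assumptions made for the illustration.

```c
#define _GNU_SOURCE   /* setgroups() is not in POSIX; ask glibc to declare it */
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not dmd code): permanently switch a root process to
 * uid/gid.  Returns 0 on success, -1 with errno set on any failure; the
 * caller must then exit rather than continue with partial privileges. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0) {   /* a "drop" to root is a caller bug */
        errno = EINVAL;
        return -1;
    }
    /* 1. Clear the supplementary groups inherited from root.  This needs
     *    CAP_SETGID, so it has to happen while we are still root. */
    if (setgroups(0, NULL) != 0)
        return -1;
    /* 2. Change the gid next: it needs CAP_SETGID as well. */
    if (setgid(gid) != 0)
        return -1;
    /* 3. Change the uid last.  Once it succeeds the process is no longer
     *    root, and steps 1 and 2 would be refused if attempted afterwards. */
    if (setuid(uid) != 0)
        return -1;
    /* 4. Verify the result and that root cannot be regained. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid ||
        getgroups(0, NULL) != 0 ||
        setuid(0) == 0 || setgid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    /* 65534 is a constructed sample id ("nobody" on many systems). */
    if (drop_privileges(65534, 65534) != 0) {
        perror("drop_privileges");
        return EXIT_FAILURE;
    }
    printf("now uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return EXIT_SUCCESS;
}
```

Started as root, the program ends with uid and gid 65534 and no supplementary groups; started unprivileged, it fails closed at the `setgroups` step.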