Indeed, this particular use of getgid() and setuid(0) specifically is used to temporarily change to the privileges afforded to a client logging in using a particular username and password (i.e. secpwd security). As such, we do not want to completely destroy the existing ancillary groups afforded to the server as they would be extremely difficult to recreate. See
https://security.stackexchange.com/questions/122141/always-setgroups-before-setuid

So, I am closing this as "not an error in the context used". However, thank you for bringing this to our attention as it's always good to review potential security issues.


Message ID: <xrootd/xrootd/issues/1783/1262105171@github.com>

