[Reproducible-commits] [dpkg] 40/74: dpkg: Set primary group to 0 when running as root

Mattia Rizzolo mattia at debian.org
Sun Jul 3 22:22:55 UTC 2016 

This is an automated email from the git hooks/post-receive script.

mattia pushed a commit to annotated tag 1.18.8
in repository dpkg.

commit 77fcf29f146645f7729b8ffd920cc99442f91eda
Author: Guillem Jover <guillem at debian.org>
Date:   Sat May 21 14:27:26 2016 +0200

    dpkg: Set primary group to 0 when running as root
    
    If the user was running with a primary group that is not root, actions
    performed by maintainer scripts might inherit and use the wrong primary
    group when creating files, or doing group based checks.
    
    Reported-by: Stuart Prescott <stuart at debian.org>
---
 debian/changelog | 2 ++
 src/main.c       | 6 ++++++
 2 files changed, 8 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index cbf3c0a..176138b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -20,6 +20,8 @@ dpkg (1.18.8) UNRELEASED; urgency=medium
   * Abstract ar archive handling behind a new struct dpkg_ar and functions.
   * On dpkg --force-chrootless only set changedir to instdir if defined.
     Thanks to Niall Walsh <niallwalsh at celtux.org>. Closes: #824542
+  * Set primary group to 0 in dpkg when running as root.
+    Reported by Stuart Prescott <stuart at debian.org>.
   * Perl modules:
     - Use warnings::warnif() instead of carp() for deprecated warnings.
     - Add new format_range() method and deprecate dpkg() and rfc822() methods
diff --git a/src/main.c b/src/main.c
index 2c4c933..122a28f 100644
--- a/src/main.c
+++ b/src/main.c
@@ -872,6 +872,12 @@ int main(int argc, const char *const *argv) {
   dpkg_options_load(DPKG, cmdinfos);
   dpkg_options_parse(&argv, cmdinfos, printforhelp);
 
+  /* When running as root, make sure our primary group is also root, so
+   * that files created by maintainer scripts have correct ownership. */
+  if (!fc_nonroot && getuid() == 0)
+    if (setgid(0) < 0)
+      ohshite(_("cannot set primary group ID to root"));
+
   if (!cipaction) badusage(_("need an action option"));
 
   admindir = dpkg_db_set_dir(admindir);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git

More information about the Reproducible-commits mailing list