Revert "Do not ignore EPERM when dropping supplementary groups"

This reverts commit b4a4ab4. As per #121650 (comment)
rust-lang · Mar 13, 2024 · d7f7f66 · d7f7f66
1 parent b4a4ab4
commit d7f7f66
Showing 1 changed file with 11 additions and 3 deletions.
diff --git a/library/std/src/sys/pal/unix/process/process_unix.rs b/library/std/src/sys/pal/unix/process/process_unix.rs
@@ -330,14 +330,22 @@ impl Command {
             if let Some(u) = self.get_uid() {
                 // When dropping privileges from root, the `setgroups` call
                 // will remove any extraneous groups. We only drop groups
-                // if we weren't given an explicit set of groups.
-                // If we don't call this, then even though our
+                // if we have CAP_SETGID and we weren't given an explicit
+                // set of groups. If we don't call this, then even though our
                 // uid has dropped, we may still have groups that enable us to
                 // do super-user things.
                 //FIXME: Redox kernel does not support setgroups yet
                 #[cfg(not(target_os = "redox"))]
                 if self.get_groups().is_none() {
-                    cvt(libc::setgroups(0, crate::ptr::null()))?;
+                    let res = cvt(libc::setgroups(0, crate::ptr::null()));
+                    if let Err(e) = res {
+                        // Here we ignore the case of not having CAP_SETGID.
+                        // An alternative would be to require CAP_SETGID (in
+                        // addition to CAP_SETUID) for setting the UID.
+                        if e.raw_os_error() != Some(libc::EPERM) {
+                            return Err(e.into());
+                        }
+                    }
                 }
                 cvt(libc::setuid(u as uid_t))?;
             }