summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/OS/os.h-GNU4
-rw-r--r--src/src/exim.c10
2 files changed, 11 insertions, 3 deletions
diff --git a/src/OS/os.h-GNU b/src/OS/os.h-GNU
index 44993163d..1de2e3e84 100644
--- a/src/OS/os.h-GNU
+++ b/src/OS/os.h-GNU
@@ -20,4 +20,8 @@ typedef struct flock flock_t;
/* default is non-const */
#define ICONV_ARG2_TYPE const char **
+/* setgroups(0, NULL) succeeds, and drops the gid group
+as well as any supplementary groups*/
+#define OS_SETGROUPS_ZERO_DROPS_ALL
+
/* End */
diff --git a/src/src/exim.c b/src/src/exim.c
index 477b82aa4..f0feaf5bd 100644
--- a/src/src/exim.c
+++ b/src/src/exim.c
@@ -3642,7 +3642,11 @@ since you have to be root to run it, even if throwing away groups. Not being
root here happens only in some unusual configurations. We just ignore the
error. */
-if (setgroups(0, NULL) != 0 && setgroups(1, group_list) != 0 && !unprivileged)
+if (
+#ifndef OS_SETGROUPS_ZERO_DROPS_ALL
+ setgroups(0, NULL) != 0 &&
+#endif
+ setgroups(1, group_list) != 0 && !unprivileged)
exim_fail("exim: setgroups() failed: %s\n", strerror(errno));
/* If the configuration file name has been altered by an argument on the
@@ -4289,8 +4293,8 @@ else
if (!(unprivileged || removed_privilege))
exim_fail("exim: changing group failed: %s\n", strerror(errno));
else
- DEBUG(D_any) debug_printf("changing group to %ld failed: %s\n",
- (long int)exim_gid, strerror(errno));
+ DEBUG(D_any) debug_printf("changing group to %ld failed: %d: %s\n",
+ (long int)exim_gid, errno, strerror(errno));
}
/* Handle a request to scan a file for malware */