Fix for #1041 (Possible Security Issue: DropPrivileges Plugin Doesn't Remove Groups)

author: Robert Brewer <fumanchu@aminus.org> 2011-02-21 21:56:02 +0000
committer: Robert Brewer <fumanchu@aminus.org> 2011-02-21 21:56:02 +0000
commit: b4c5cbe3d80beebf3058afc937cae924bcc9ed06 (patch)
tree: 92c81a359e6d9d0cd4f8de3736ac516249d891c0 /cherrypy/process/plugins.py
parent: 7012a1cd78dd136d37024eb1b7c6b52f2fd71a46 (diff)
download: cherrypy-git-b4c5cbe3d80beebf3058afc937cae924bcc9ed06.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/cherrypy/process/plugins.py b/cherrypy/process/plugins.py
index 0a189f1a..ac26fa30 100644
--- a/cherrypy/process/plugins.py
+++ b/cherrypy/process/plugins.py
@@ -277,6 +277,7 @@ class DropPrivileges(SimplePlugin):
                 self.bus.log('Started as uid: %r gid: %r' % current_ids())
                 if self.gid is not None:
                     os.setgid(self.gid)
+                    os.setgroups([])
                 if self.uid is not None:
                     os.setuid(self.uid)
                 self.bus.log('Running as uid: %r gid: %r' % current_ids())
author	Robert Brewer <fumanchu@aminus.org>	2011-02-21 21:56:02 +0000
committer	Robert Brewer <fumanchu@aminus.org>	2011-02-21 21:56:02 +0000
commit	b4c5cbe3d80beebf3058afc937cae924bcc9ed06 (patch)
tree	92c81a359e6d9d0cd4f8de3736ac516249d891c0 /cherrypy/process/plugins.py
parent	7012a1cd78dd136d37024eb1b7c6b52f2fd71a46 (diff)
download	cherrypy-git-b4c5cbe3d80beebf3058afc937cae924bcc9ed06.tar.gz