From: Chris Lamb <lamby@debian.org>
Date: Tue, 16 Oct 2012 12:05:35 +0100
Subject: 0001-drop-supplemental-groups
---
gunicorn/util.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/gunicorn/util.py b/gunicorn/util.py
index 6a5e8b7..6e5de54 100644
--- a/gunicorn/util.py
+++ b/gunicorn/util.py
@@ -24,6 +24,7 @@ import inspect
import errno
import warnings
import cgi
+import errno
from gunicorn.errors import AppImportError
from gunicorn.six import text_type
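Review bot: The added `import errno` duplicates the `import errno` that already appears as a context line at the top of this hunk, so it has no effect and can be dropped. The `errno.EPERM` reference added in set_owner_process resolves through the existing import.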
@@ -154,6 +155,14 @@ def set_owner_process(uid, gid):
# groups like on osx or fedora
gid = abs(gid) & 0x7FFFFFFF
os.setgid(gid)
+
+ # Also drop supplemental groups
+ try:
+ os.setgroups([])
+ except OSError as e:
+ if e.errno != errno.EPERM:
+ raise
+
if uid:
os.setuid(uid)
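Review bot: The `except OSError` branch swallows EPERM from `os.setgroups([])` silently, so the worker can go on to `os.setuid(uid)` while still holding the parent's supplementary groups, and nothing records that the drop failed. If the intent is only to tolerate an unprivileged start, narrow the exemption to that case, for example `if e.errno != errno.EPERM or os.geteuid() == 0: raise`, or at least log a warning before continuing. Indentation is lost on this page, so it is unclear whether the new block sits inside whatever condition guards `os.setgid(gid)`; if it does, a configuration that sets only a uid would skip the group drop entirely. set_owner_process begins above the hunk, so this is based on the visible lines only.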