From 2eb720f51e432520e7bb0dfa95ad63658a072f4e Mon Sep 17 00:00:00 2001 From: Pavel Labath Date: Wed, 23 May 2018 10:10:36 +0000 Subject: [PATCH] ProcessLauncherPosixFork: move setgid call into the if(debug) branch This call was originally being only made when launching for debug (as an attempt to make sure we don't impart extra privileges on the launched process), but after the debug and non-debug paths were merged, it made it's way into generic code. This was causing problems in locked down android environments which disallowed calling setgid even if it would be a no-op. This prevented launching llgs from lldb-server platform. Overall I'm not sure we should be calling setgid in the first place (it seems random -- e.g. why don't we call setuid then as well). However, all our other copies of launch code have it, so I choose to keep it for now. llvm-svn: 333073 --- lldb/source/Host/posix/ProcessLauncherPosixFork.cpp | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/lldb/source/Host/posix/ProcessLauncherPosixFork.cpp b/lldb/source/Host/posix/ProcessLauncherPosixFork.cpp index d46191fd622c..46ce3e3d224f 100644 --- a/lldb/source/Host/posix/ProcessLauncherPosixFork.cpp +++ b/lldb/source/Host/posix/ProcessLauncherPosixFork.cpp @@ -90,10 +90,6 @@ static void DupDescriptor(int error_fd, const FileSpec &file_spec, int fd, static void LLVM_ATTRIBUTE_NORETURN ChildFunc(int error_fd, const ProcessLaunchInfo &info) { - // Do not inherit setgid powers. - if (setgid(getgid()) != 0) - ExitWithError(error_fd, "setgid"); - if (info.GetFlags().Test(eLaunchFlagLaunchInSeparateProcessGroup)) { if (setpgid(0, 0) != 0) ExitWithError(error_fd, "setpgid"); @@ -139,6 +135,10 @@ static void LLVM_ATTRIBUTE_NORETURN ChildFunc(int error_fd, ExitWithError(error_fd, "pthread_sigmask"); if (info.GetFlags().Test(eLaunchFlagDebug)) { + // Do not inherit setgid powers. + if (setgid(getgid()) != 0) + ExitWithError(error_fd, "setgid"); + // HACK: // Close everything besides stdin, stdout, and stderr that has no file // action to avoid leaking. Only do this when debugging, as elsewhere we -- GitLab