Updated to fedora-glibc-20060427T2122

2 files changed, 14 insertions, 5 deletions

diff --git a/nscd/connections.c b/nscd/connections.c
index f8e66c20a6..167b9913f4 100644
--- a/nscd/connections.c
+++ b/nscd/connections.c
@@ -1176,7 +1176,7 @@ cannot open /proc/self/cmdline: %s; disabling paranoia mode"),
   /* Second, change back to the old user if we changed it.  */
   if (server_user != NULL)
     {
-      if (setuid (old_uid) != 0)
+      if (setresuid (old_uid, old_uid, old_uid) != 0)
 	{
 	  dbg_log (_("\
 cannot change to old UID: %s; disabling paranoia mode"),
@@ -1186,7 +1186,7 @@ cannot change to old UID: %s; disabling paranoia mode"),
 	  return;
 	}
 
-      if (setgid (old_gid) != 0)
+      if (setresgid (old_gid, old_gid, old_gid) != 0)
 	{
 	  dbg_log (_("\
 cannot change to old GID: %s; disabling paranoia mode"),
@@ -1873,14 +1873,23 @@ finish_drop_privileges (void)
       error (EXIT_FAILURE, errno, _("setgroups failed"));
     }
 
-  if (setgid (server_gid) == -1)
+  int res;
+  if (paranoia)
+    res = setresgid (server_gid, server_gid, old_gid);
+  else
+    res = setgid (server_gid);
+  if (res == -1)
     {
       dbg_log (_("Failed to run nscd as user '%s'"), server_user);
       perror ("setgid");
       exit (4);
     }
 
-  if (setuid (server_uid) == -1)
+  if (paranoia)
+    res = setresuid (server_uid, server_uid, old_uid);
+  else
+    res = setuid (server_uid);
+  if (res == -1)
     {
       dbg_log (_("Failed to run nscd as user '%s'"), server_user);
       perror ("setuid");
diff --git a/nscd/nscd.conf b/nscd/nscd.conf
index 4cdcb7dc9e..954eafd554 100644
--- a/nscd/nscd.conf
+++ b/nscd/nscd.conf
@@ -24,7 +24,7 @@
 #	persistent		<service> <yes|no>
 #	shared			<service> <yes|no>
 #	max-db-size		<service> <number bytes>
-*	auto-propagate		<service> <yes|no>
+#	auto-propagate		<service> <yes|no>
 #
 # Currently supported cache names (services): passwd, group, hosts
 #