Cypherpunks repositories - gostls13.git/commit

author	Wander Lairson Costa <wcosta@mozilla.com>
	Fri, 10 Feb 2017 06:10:48 +0000 (04:10 -0200)
committer	Ian Lance Taylor <iant@golang.org>
	Fri, 17 Feb 2017 14:36:27 +0000 (14:36 +0000)
commit	79f6a5c7bd684f2e6007ee505b522440beb86bf0
tree	dd5f9c8bd97279e54569e2c0029c562226d1e2df	tree
parent	708ba22a0c7b6c2e8f46fccb35998c21c60629b9	commit \| diff

syscall: only call setgroups if we need to

If the caller set ups a Credential in os/exec.Command,
os/exec.Command.Start will end up calling setgroups(2), even if no
supplementary groups were given.

Only root can call setgroups(2) on BSD kernels, which causes Start to
fail for non-root users when they try to set uid and gid for the new
process.

We fix by introducing a new field to syscall.Credential named
NoSetGroups, and setgroups(2) is only called if it is false.
We make this field with inverted logic to preserve backward
compatibility.

RELNOTES=yes

Change-Id: I3cff1f21c117a1430834f640ef21fd4e87e06804
Reviewed-on: https://go-review.googlesource.com/36697
Reviewed-by: Ian Lance Taylor <iant@golang.org>

src/os/exec/exec_posix_test.go	[new file with mode: 0644]	blob
src/syscall/exec_bsd.go		diff \| blob \| history
src/syscall/exec_linux.go		diff \| blob \| history
src/syscall/exec_solaris.go		diff \| blob \| history
src/syscall/exec_unix.go		diff \| blob \| history