... | ... |
@@ -298,28 +298,17 @@ int main(int argc, char **argv) { |
298 | 298 |
return 1; |
299 | 299 |
} |
300 | 300 |
|
301 |
- if(optget(opts, "AllowSupplementaryGroups")->enabled) { |
|
302 | 301 |
#ifdef HAVE_INITGROUPS |
303 |
- if(initgroups(opt->strarg, user->pw_gid)) { |
|
304 |
- fprintf(stderr, "ERROR: initgroups() failed.\n"); |
|
305 |
- optfree(opts); |
|
306 |
- return 1; |
|
307 |
- } |
|
308 |
-#else |
|
309 |
- mprintf("!AllowSupplementaryGroups: initgroups() is not available, please disable AllowSupplementaryGroups\n"); |
|
310 |
- optfree(opts); |
|
302 |
+ if(initgroups(user->pw_name, user->pw_gid)) { |
|
303 |
+ fprintf(stderr, "ERROR: initgroups() failed.\n"); |
|
311 | 304 |
return 1; |
312 |
-#endif |
|
313 |
- } else { |
|
314 |
-#ifdef HAVE_SETGROUPS |
|
315 |
- if(setgroups(1, &user->pw_gid)) { |
|
316 |
- fprintf(stderr, "ERROR: setgroups() failed.\n"); |
|
317 |
- optfree(opts); |
|
318 |
- return 1; |
|
319 |
- } |
|
320 |
-#endif |
|
321 | 305 |
} |
322 |
- |
|
306 |
+#elif HAVE_SETGROUPS |
|
307 |
+ if(setgroups(1, &user->pw_gid)) { |
|
308 |
+ fprintf(stderr, "ERROR: setgroups() failed.\n"); |
|
309 |
+ return 1; |
|
310 |
+ } |
|
311 |
+#endif |
|
323 | 312 |
if(setgid(user->pw_gid)) { |
324 | 313 |
fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid); |
325 | 314 |
optfree(opts); |
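Review bot: On a build where neither HAVE_INITGROUPS nor HAVE_SETGROUPS is defined, the new `#ifdef`/`#elif`/`#endif` chain compiles to nothing, so the process reaches `setgid()` still holding the supplementary groups it was started with. The removed code at least stopped with an error when AllowSupplementaryGroups was enabled and initgroups() was missing; the new chain has no failing branch at all. Consider adding a fallback before `#endif`, for example `#else` followed by `fprintf(stderr, "ERROR: cannot reset supplementary groups.\n");` and `return 1;`, or a compile-time `#error` if this block is never built on such platforms. The same gap is present in the other two privilege-drop hunks on this page (`@@ -216,27 +216,17 @@` and `@@ -419,28 +419,17 @@`). main() starts and ends outside the hunk.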
... | ... |
@@ -216,27 +216,17 @@ int main(int argc, char **argv) |
216 | 216 |
return 1; |
217 | 217 |
} |
218 | 218 |
|
219 |
- if(optget(opts, "AllowSupplementaryGroups")->enabled) { |
|
220 | 219 |
#ifdef HAVE_INITGROUPS |
221 |
- if(initgroups(opt->strarg, user->pw_gid)) { |
|
222 |
- fprintf(stderr, "ERROR: initgroups() failed.\n"); |
|
223 |
- optfree(opts); |
|
224 |
- return 1; |
|
225 |
- } |
|
226 |
-#else |
|
227 |
- mprintf("!AllowSupplementaryGroups: initgroups() is not available, please disable AllowSupplementaryGroups in %s\n", cfgfile); |
|
228 |
- optfree(opts); |
|
229 |
- return 1; |
|
220 |
+ if(initgroups(user->pw_name, user->pw_gid)) { |
|
221 |
+ fprintf(stderr, "ERROR: initgroups() failed.\n"); |
|
222 |
+ return 1; |
|
223 |
+ } |
|
224 |
+#elif HAVE_SETGROUPS |
|
225 |
+ if(setgroups(1, &user->pw_gid)) { |
|
226 |
+ fprintf(stderr, "ERROR: setgroups() failed.\n"); |
|
227 |
+ return 1; |
|
228 |
+ } |
|
230 | 229 |
#endif |
231 |
- } else { |
|
232 |
-#ifdef HAVE_SETGROUPS |
|
233 |
- if(setgroups(1, &user->pw_gid)) { |
|
234 |
- fprintf(stderr, "ERROR: setgroups() failed.\n"); |
|
235 |
- optfree(opts); |
|
236 |
- return 1; |
|
237 |
- } |
|
238 |
-#endif |
|
239 |
- } |
|
240 | 230 |
|
241 | 231 |
if(setgid(user->pw_gid)) { |
242 | 232 |
fprintf(stderr, "ERROR: setgid(%d) failed.\n", (int) user->pw_gid); |
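Review bot: The two new error returns, after initgroups() and after setgroups(), no longer call `optfree(opts)`, which every removed branch did before `return 1;`. Because main() returns immediately afterwards this is a consistency and leak-checker issue rather than a functional one, but the failure paths should release the options the same way; add `optfree(opts);` before each `return 1;`. The first hunk on this page (`@@ -298,28 +298,17 @@`) has the same omission while its setgid() failure path still frees opts, and the `@@ -419,28 +419,17 @@` hunk drops the call before `return FCE_USERORGROUP;`. main() continues outside the hunk.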
... | ... |
@@ -57,11 +57,6 @@ Run as another user (clamav-milter must be started by root for this option to wo |
57 | 57 |
.br |
58 | 58 |
Default: unset (don\'t drop privileges) |
59 | 59 |
.TP |
60 |
-\fBAllowSupplementaryGroups BOOL\fR |
|
61 |
-Initialize supplementary group access (clamav-milter must be started by root). |
|
62 |
-.br |
|
63 |
-Default: no |
|
64 |
-.TP |
|
65 | 60 |
\fBReadTimeout NUMBER\fR |
66 | 61 |
Waiting for data from clamd will timeout after this time (seconds). |
67 | 62 |
.br |
... | ... |
@@ -270,11 +270,6 @@ Run the daemon as a specified user (the process must be started by root). |
270 | 270 |
.br |
271 | 271 |
Default: disabled |
272 | 272 |
.TP |
273 |
-\fBAllowSupplementaryGroups BOOL\fR |
|
274 |
-Initialize a supplementary group access (the process must be started by root). |
|
275 |
-.br |
|
276 |
-Default: no |
|
277 |
-.TP |
|
278 | 273 |
\fBBytecode BOOL\fR |
279 | 274 |
With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option turned on, otherwise you may miss detections for many new viruses. |
280 | 275 |
.br |
... | ... |
@@ -76,11 +76,6 @@ Enable debug messages in libclamav. |
76 | 76 |
.br |
77 | 77 |
Default: no |
78 | 78 |
.TP |
79 |
-\fBAllowSupplementaryGroups BOOL\fR |
|
80 |
-Initialize supplementary group access (freshclam must be started by root). |
|
81 |
-.br |
|
82 |
-Default: disabled |
|
83 |
-.TP |
|
84 | 79 |
\fBUpdateLogFile STRING\fR |
85 | 80 |
Enable logging to a specified file. Highly recommended. |
86 | 81 |
.br |
... | ... |
@@ -38,11 +38,6 @@ Example |
38 | 38 |
# Default: unset (don't drop privileges) |
39 | 39 |
#User clamav |
40 | 40 |
|
41 |
-# Initialize supplementary group access (clamav-milter must be started by root). |
|
42 |
-# |
|
43 |
-# Default: no |
|
44 |
-#AllowSupplementaryGroups no |
|
45 |
- |
|
46 | 41 |
# Waiting for data from clamd will timeout after this time (seconds). |
47 | 42 |
# Value of 0 disables the timeout. |
48 | 43 |
# |
... | ... |
@@ -202,10 +202,6 @@ Example |
202 | 202 |
# Default: don't drop privileges |
203 | 203 |
#User clamav |
204 | 204 |
|
205 |
-# Initialize supplementary group access (clamd must be started by root). |
|
206 |
-# Default: no |
|
207 |
-#AllowSupplementaryGroups no |
|
208 |
- |
|
209 | 205 |
# Stop daemon when libclamav reports out of memory condition. |
210 | 206 |
#ExitOnOOM yes |
211 | 207 |
|
... | ... |
@@ -55,10 +55,6 @@ Example |
55 | 55 |
# Default: clamav (may depend on installation options) |
56 | 56 |
#DatabaseOwner clamav |
57 | 57 |
|
58 |
-# Initialize supplementary group access (freshclam must be started by root). |
|
59 |
-# Default: no |
|
60 |
-#AllowSupplementaryGroups yes |
|
61 |
- |
|
62 | 58 |
# Use DNS to verify virus database version. Freshclam uses DNS TXT records |
63 | 59 |
# to verify database and software versions. With this directive you can change |
64 | 60 |
# the database verification domain. |
... | ... |
@@ -419,28 +419,17 @@ main (int argc, char **argv) |
419 | 419 |
return FCE_USERINFO; |
420 | 420 |
} |
421 | 421 |
|
422 |
- if (optget (opts, "AllowSupplementaryGroups")->enabled) |
|
423 |
- { |
|
424 | 422 |
#ifdef HAVE_INITGROUPS |
425 |
- if (initgroups (dbowner, user->pw_gid)) |
|
426 |
- { |
|
427 |
- logg ("^initgroups() failed.\n"); |
|
428 |
- optfree (opts); |
|
429 |
- return FCE_USERORGROUP; |
|
430 |
- } |
|
431 |
-#endif |
|
432 |
- } |
|
433 |
- else |
|
434 |
- { |
|
435 |
-#ifdef HAVE_SETGROUPS |
|
436 |
- if (setgroups (1, &user->pw_gid)) |
|
437 |
- { |
|
438 |
- logg ("^setgroups() failed.\n"); |
|
439 |
- optfree (opts); |
|
440 |
- return FCE_USERORGROUP; |
|
441 |
- } |
|
423 |
+ if (initgroups(dbowner, user->pw_gid)) { |
|
424 |
+ logg ("^initgroups() failed.\n"); |
|
425 |
+ return FCE_USERORGROUP; |
|
426 |
+ } |
|
427 |
+#elif HAVE_SETGROUPS |
|
428 |
+ if (setgroups(1, &user->pw_gid)) { |
|
429 |
+ logg ("^setgroups() failed.\n"); |
|
430 |
+ return FCE_USERORGROUP; |
|
431 |
+ } |
|
442 | 432 |
#endif |
443 |
- } |
|
444 | 433 |
|
445 | 434 |
if (setgid (user->pw_gid)) |
446 | 435 |
{ |
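Review bot: `#elif HAVE_SETGROUPS` tests the macro's value while the line above it tests definedness with `#ifdef`; a macro defined with an empty body makes the directive a preprocessor error, and an undefined one trips `-Wundef`. Write it as `#elif defined(HAVE_SETGROUPS)`. The same line appears in the `@@ -298,28 +298,17 @@` and `@@ -216,27 +216,17 @@` hunks. The added `if (initgroups(dbowner, user->pw_gid)) {` and `if (setgroups(1, &user->pw_gid)) {` lines also depart from the surrounding style, which puts a space before the call parenthesis and the brace on its own line (compare `if (setgid (user->pw_gid))` just below).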
... | ... |
@@ -290,8 +290,6 @@ const struct clam_option __clam_options[] = { |
290 | 290 |
|
291 | 291 |
{ "User", NULL, 0, CLOPT_TYPE_STRING, NULL, -1, NULL, 0, OPT_CLAMD | OPT_MILTER, "Run the daemon as a specified user (the process must be started by root).", "clamav" }, |
292 | 292 |
|
293 |
- { "AllowSupplementaryGroups", NULL, 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 0, NULL, 0, OPT_CLAMD | OPT_FRESHCLAM | OPT_MILTER, "Initialize a supplementary group access (the process must be started by root).", "no" }, |
|
294 |
- |
|
295 | 293 |
/* Scan options */ |
296 | 294 |
{ "Bytecode", "bytecode", 0, CLOPT_TYPE_BOOL, MATCH_BOOL, 1, NULL, 0, OPT_CLAMD | OPT_CLAMSCAN, "With this option enabled ClamAV will load bytecode from the database. It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.", "yes" }, |
297 | 295 |
|