syscall: only call setgroups if we need to

If the caller set ups a Credential in os/exec.Command, os/exec.Command.Start will end up calling setgroups(2), even if no supplementary groups were given. Only root can call setgroups(2) on BSD kernels, which causes Start to fail for non-root users when they try to set uid and gid for the new process. We fix by introducing a new field to syscall.Credential named NoSetGroups, and setgroups(2) is only called if it is false. We make this field with inverted logic to preserve backward compatibility. RELNOTES=yes Change-Id: I3cff1f21c117a1430834f640ef21fd4e87e06804 Reviewed-on: https://go-review.googlesource.com/36697 Reviewed-by: Ian Lance Taylor <iant@golang.org>
2025-12-08 06:10:04 +00:00 · 2017-02-10 04:10:48 -02:00 · 2017-02-10 04:10:48 -02:00 · 79f6a5c7bd
commit 79f6a5c7bd
parent 708ba22a0c
5 changed files with 60 additions and 13 deletions
--- a/src/syscall/exec_unix.go
+++ b/src/syscall/exec_unix.go
@ -112,9 +112,10 @@ func SetNonblock(fd int, nonblocking bool) (err error) {
 // Credential holds user and group identities to be assumed
 // by a child process started by StartProcess.
 type Credential struct {
-	Uid    uint32   // User ID.
-	Gid    uint32   // Group ID.
-	Groups []uint32 // Supplementary group IDs.
+	Uid         uint32   // User ID.
+	Gid         uint32   // Group ID.
+	Groups      []uint32 // Supplementary group IDs.
+	NoSetGroups bool     // If true, don't set supplementary groups
 }

 // ProcAttr holds attributes that will be applied to a new process started