[Lldb-commits] [lldb] r333073 - ProcessLauncherPosixFork: move setgid call into the if(debug) branch

Pavel Labath via lldb-commits lldb-commits at lists.llvm.org
Wed May 23 03:10:37 PDT 2018 

Author: labath
Date: Wed May 23 03:10:36 2018
New Revision: 333073

URL: http://llvm.org/viewvc/llvm-project?rev=333073&view=rev
Log:
ProcessLauncherPosixFork: move setgid call into the if(debug) branch

This call was originally being only made when launching for debug (as an
attempt to make sure we don't impart extra privileges on the launched
process), but after the debug and non-debug paths were merged, it made
it's way into generic code. This was causing problems in locked down
android environments which disallowed calling setgid even if it would be
a no-op. This prevented launching llgs from lldb-server platform.

Overall I'm not sure we should be calling setgid in the first place
(it seems random -- e.g. why don't we call setuid then as well).
However, all our other copies of launch code have it, so I choose to
keep it for now.

Modified:
    lldb/trunk/source/Host/posix/ProcessLauncherPosixFork.cpp

Modified: lldb/trunk/source/Host/posix/ProcessLauncherPosixFork.cpp
URL: http://llvm.org/viewvc/llvm-project/lldb/trunk/source/Host/posix/ProcessLauncherPosixFork.cpp?rev=333073&r1=333072&r2=333073&view=diff
==============================================================================
--- lldb/trunk/source/Host/posix/ProcessLauncherPosixFork.cpp (original)
+++ lldb/trunk/source/Host/posix/ProcessLauncherPosixFork.cpp Wed May 23 03:10:36 2018
@@ -90,10 +90,6 @@ static void DupDescriptor(int error_fd,
 
 static void LLVM_ATTRIBUTE_NORETURN ChildFunc(int error_fd,
                                               const ProcessLaunchInfo &info) {
-  // Do not inherit setgid powers.
-  if (setgid(getgid()) != 0)
-    ExitWithError(error_fd, "setgid");
-
   if (info.GetFlags().Test(eLaunchFlagLaunchInSeparateProcessGroup)) {
     if (setpgid(0, 0) != 0)
       ExitWithError(error_fd, "setpgid");
@@ -139,6 +135,10 @@ static void LLVM_ATTRIBUTE_NORETURN Chil
     ExitWithError(error_fd, "pthread_sigmask");
 
   if (info.GetFlags().Test(eLaunchFlagDebug)) {
+    // Do not inherit setgid powers.
+    if (setgid(getgid()) != 0)
+      ExitWithError(error_fd, "setgid");
+
     // HACK:
     // Close everything besides stdin, stdout, and stderr that has no file
     // action to avoid leaking. Only do this when debugging, as elsewhere we

More information about the lldb-commits mailing list