Issue #6975 has been updated by akr (Akira Tanaka).

Assignee changed from akira (akira yamada) to akr (Akira Tanaka)

posix_spawn has an option to dropping privileges: POSIX_SPAWN_RESETIDS

I guess primitive setuid/setgid is too generic for this use case.


----------------------------------------
Feature #6975: Changing UID/GID when calling spawn/popen
https://bugs.ruby-lang.org/issues/6975#change-29170

Author: vihai (Daniele Orlandi)
Status: Open
Priority: Normal
Assignee: akr (Akira Tanaka)
Category: core
Target version: 


Hello,

If I am not wrong it seems that there is no way to properly drop all privileges when spawning a process with spawn/popen.

AFAIK, proper privilege dropping should be done after the fork() and before the exec() and there doesn't seem to be such functionality neither an hook like Python has.

Thanks,
Bye,


-- 
http://bugs.ruby-lang.org/