diff options
| author | Thiago Macieira <thiago.macieira@intel.com> | 2023-05-12 19:43:18 -0700 |
|---|---|---|
| committer | Thiago Macieira <thiago.macieira@intel.com> | 2023-07-08 15:03:23 -0700 |
| commit | 271901c5cf06a2e3c00acc35759f0e022f9f16b9 (patch) | |
| tree | c6e65c1c83f910c36633a4164cc3eca307149c04 /src/corelib/io/qprocess.cpp | |
| parent | 13a1995e9dc987d1560b38d16b76442261b4aa8d (diff) | |
QProcess/Unix: add a simple way to reset the UID and GID for the child
This is done as one of the last steps inside QProcess itself, so the
child modifier and all other tasks still run with the parent process'
permissions. On Linux, setting the UID to non-zero will also
automatically clear the effective capabilities(7) set.
This feature is only useful for setuid or setgid applications, so this
commit updates the QCoreApplication::setSetuidAllowed() documentation to
mention the QProcess flag.
Change-Id: I3e3bfef633af4130a03afffd175e940c0668d244
Reviewed-by: Volker Hilsheimer <volker.hilsheimer@qt.io>
Reviewed-by: Edward Welbourne <edward.welbourne@qt.io>
Diffstat (limited to 'src/corelib/io/qprocess.cpp')
| -rw-r--r-- | src/corelib/io/qprocess.cpp | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/corelib/io/qprocess.cpp b/src/corelib/io/qprocess.cpp index 78d2de77793..a8a32ef633a 100644 --- a/src/corelib/io/qprocess.cpp +++ b/src/corelib/io/qprocess.cpp @@ -873,6 +873,12 @@ void QProcessPrivate::Channel::clear() terminate immediately; with this flag, the write operation fails without a signal and the child may continue executing. + \value [since 6.7] ResetIds Drops any retained, effective user or group + ID the current process may still have (see \c{setuid(2)} and + \c{setgid(2)}, plus QCoreApplication::setSetuidAllowed()). This is + useful if the current process was setuid or setgid and does not wish + the child process to retain the elevated privileges. + \value ResetSignalHandlers Resets all Unix signal handlers back to their default state (that is, pass \c SIG_DFL to \c{signal(2)}). This flag is useful to ensure any ignored (\c SIG_IGN) signal does not affect |