From 26985aef96b820d0b62aca93e565559ab612ee82 Mon Sep 17 00:00:00 2001 From: Anthony Eadicicco Date: Tue, 6 Oct 2020 14:36:29 -0400 Subject: [PATCH] In batch mode, set groups to group membership of target user. Previously, group list was cleared during privilege de-escalation. This causes profiles scripts to be run as the local user with an empty group list. This can cause issues when, eg, the 'video' group is required for backlight control, and the user is trying to invoke xbacklight from postswitch.sh. --- autorandr.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/autorandr.py b/autorandr.py index 535ec31..a2c6f82 100755 --- a/autorandr.py +++ b/autorandr.py @@ -1101,7 +1101,7 @@ def dispatch_call_to_sessions(argv): # so it should be safe. Also, note that since the environment # is taken from a process owned by the user, reusing it should # not leak any information. - os.setgroups([]) + os.setgroups(os.getgrouplist(pwent.pw_name, pwent.pw_gid)) os.setresgid(pwent.pw_gid, pwent.pw_gid, pwent.pw_gid) os.setresuid(pwent.pw_uid, pwent.pw_uid, pwent.pw_uid) os.chdir(pwent.pw_dir) -- 2.39.5