[BB#115] Drop supplementary groups

Supplementary groups are inherited from the calling process. Drop all
supplementary groups if the "Group" configuration directive is set to
change to a different user. Otherwise the process may have more rights
than expected.

Reviewed-by: Michael Adam <obnox@samba.org>

2 files changed, 11 insertions, 1 deletions

diff --git a/configure.ac b/configure.ac
index 303fc7b..377e204 100644
--- a/configure.ac
+++ b/configure.ac
@@ -203,7 +203,7 @@ AC_FUNC_REALLOC
 AC_CHECK_FUNCS([gethostname inet_ntoa memchr memset select socket strcasecmp \
                 strchr strdup strerror strncasecmp strpbrk strstr strtol])
 AC_CHECK_FUNCS([isascii memcpy setrlimit ftruncate regcomp regexec])
-AC_CHECK_FUNCS([strlcpy strlcat])
+AC_CHECK_FUNCS([strlcpy strlcat setgroups])
 
 
 dnl Enable extra warnings
diff --git a/src/main.c b/src/main.c
index a7ae9c7..abb047d 100644
--- a/src/main.c
+++ b/src/main.c
@@ -296,6 +296,16 @@ change_user (const char *program)
                         exit (EX_NOPERM);
                 }
 
+#ifdef HAVE_SETGROUPS
+                /* Drop all supplementary groups, otherwise these are inherited from the calling process */
+                if (setgroups (0, NULL) < 0) {
+                        fprintf (stderr,
+                                 "%s: Unable to drop supplementary groups.\n",
+                                 program);
+                        exit (EX_NOPERM);
+                }
+#endif
+
                 log_message (LOG_INFO, "Now running as group \"%s\".",
                              config.group);
         }