From f9512c9c7d41db358f71aa9ed2911831d046b3d3 Mon Sep 17 00:00:00 2001
From: Steve Grubb <sgrubb@redhat.com>
Date: Thu, 14 Jul 2011 19:37:22 +0200
Subject: drop supplemental groups

Hello,

Below is a patch that fixes a security flaw in rtkit daemon. Its not
dropping
supplemental groups.

rtkit     1845     1  0 07:27 ?        00:00:00
/usr/libexec/rtkit-daemon
Name:   rtkit-daemon
State:  S (sleeping)
Tgid:   1845
Pid:    1845
PPid:   1
Uid:    491     491     491     491
Gid:    478     478     478     478
Groups: 0 1 2 3 4 6 10

-Steve
---
 rtkit-daemon.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/rtkit-daemon.c b/rtkit-daemon.c
index 7861c6a..eca9ebb 100644
--- a/rtkit-daemon.c
+++ b/rtkit-daemon.c
@@ -49,6 +49,7 @@
 #include <pthread.h>
 #include <dirent.h>
 #include <syslog.h>
+#include <grp.h>
 
 #include "rtkit.h"
 #include "sd-daemon.h"
@@ -1795,7 +1796,8 @@ static int drop_privileges(void) {
                 }
 
                 /* Fifth, drop privs */
-                if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0 ||
+                if (setgroups(0, NULL) < 0 ||
+                    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0 ||
                     setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) {
                         r = -errno;
                         syslog(LOG_ERR, "Failed to become %s: %s\n", username, strerror(errno));
-- 
cgit