From: Karel Zak <kzak@redhat.com>
Date: Thu, 29 Jul 2021 09:50:48 +0000 (+0200)
Subject: libmount: fix setgroups() use
X-Git-Tag: v2.38-rc1~336
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=420e914c4cc4c2ba34fd75790ea194d7f4a47d2c;p=thirdparty%2Futil-linux.git

libmount: fix setgroups() use

* keep process in single supplementary group, which is the real group ID for the process

* make sure we have rights to call setgroups(), requires group permissions

Fixes: https://github.com/karelzak/util-linux/issues/1398
Signed-off-by: Karel Zak <kzak@redhat.com>
---

diff --git a/include/c.h b/include/c.h
index c1e4c5ffc9..a4504e3ba5 100644
--- a/include/c.h
+++ b/include/c.h
@@ -340,14 +340,16 @@ static inline size_t get_hostname_max(void)
 
 static inline int drop_permissions(void)
 {
+	gid_t newgid = getgid();
+
 	errno = 0;
 
 	/* drop supplementary groups */
-	if (setgroups(0, NULL) != 0)
+	if (geteuid() == 0 && setgroups(1, &newgid) != 0)
 		goto fail;
 
 	/* drop GID */
-	if (setgid(getgid()) < 0)
+	if (setgid(newgid) < 0)
 		goto fail;
 
 	/* drop UID */