upstream: need initgroups() before setresgid(); reported by anton@,

ok deraadt@

OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce

diff --git a/misc.c b/misc.c
index b8d1040d1e3c1136acb4688ded85a2c953d1b499..d94438da65df3e5b94bdd7722eee3012d1e15c3e 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: misc.c,v 1.169 2021/08/09 23:47:44 djm Exp $ */
+/* $OpenBSD: misc.c,v 1.170 2021/09/26 14:01:03 djm Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
  * Copyright (c) 2005-2020 Damien Miller.  All rights reserved.
@@ -2695,6 +2695,12 @@ subprocess(const char *tag, const char *command,
                }
                closefrom(STDERR_FILENO + 1);
 
+               if (geteuid() == 0 &&
+                   initgroups(pw->pw_name, pw->pw_gid) == -1) {
+                       error("%s: initgroups(%s, %u): %s", tag,
+                           pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
+                       _exit(1);
+               }
                if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
                        error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
                            strerror(errno));