ngircd: discard supplementary group ids on startup
authorFlorian Westphal <fw@strlen.de>
Mon, 26 Aug 2013 22:19:31 +0000 (00:19 +0200)
committerFlorian Westphal <fw@strlen.de>
Mon, 26 Aug 2013 22:19:31 +0000 (00:19 +0200)
The intention was to switch to JUST uid:gid, but setgid is not
sufficient.

Reported-by: Michael Scherer <misc@zarb.org>
src/ngircd/ngircd.c

index e075e0a7355486c826497bd602cd64be7b1990ab..4099719b8ebe703e66960c97ae999df1f3274043 100644 (file)
@@ -724,6 +724,11 @@ NGIRCd_Init(bool NGIRCd_NoDaemon)
                        if (real_errno != EPERM) 
                                goto out;
                }
+               if (setgroups(0, NULL) != 0) {
+                       Log(LOG_ERR, "Can't drop supplementary group ids: %s!",
+                                       strerror(errno));
+                       goto out;
+               }
        }
 #endif