From e009ccbe66f67a4c5344d6a1f415c50b699765ad Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 27 Aug 2013 00:19:31 +0200
Subject: [PATCH] ngircd: discard supplementary group ids on startup

The intention was to switch to JUST uid:gid, but setgid is not
sufficient.

Reported-by:  Michael Scherer <misc@zarb.org>
---
 src/ngircd/ngircd.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/ngircd/ngircd.c b/src/ngircd/ngircd.c
index e075e0a7..4099719b 100644
--- a/src/ngircd/ngircd.c
+++ b/src/ngircd/ngircd.c
@@ -724,6 +724,11 @@ NGIRCd_Init(bool NGIRCd_NoDaemon)
 			if (real_errno != EPERM) 
 				goto out;
 		}
+		if (setgroups(0, NULL) != 0) {
+			Log(LOG_ERR, "Can't drop supplementary group ids: %s!",
+					strerror(errno));
+			goto out;
+		}
 	}
 #endif
 
-- 
2.39.2