From 5913893d6f3de65b16e1ad294b88893305efb20f Mon Sep 17 00:00:00 2001
From: Ondrej Dubaj <odubaj@redhat.com>
Date: Thu, 18 Feb 2021 09:59:31 +0100
Subject: [PATCH] * lib/system.h (ERRNO_IS_EACCES): Remove.  Not used anymore.
 (sys_reset_uid_gid): Re-initialize supplementary groups when switching
 privileges. Fix ordering of setgid and setuid calls.

---
 lib/system.h | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/lib/system.h b/lib/system.h
index 1c1a5d0..4fd3ce9 100644
--- a/lib/system.h
+++ b/lib/system.h
@@ -470,19 +470,37 @@ char *getenv ();
 #if MSDOS
 # include <process.h>
 # define SET_BINARY_MODE(arc) setmode(arc, O_BINARY)
-# define ERRNO_IS_EACCES errno == EACCES
 # define mkdir(file, mode) (mkdir) (file)
 # define TTY_NAME "con"
 # define sys_reset_uid_gid()
 #else
 # define SET_BINARY_MODE(arc)
-# define ERRNO_IS_EACCES 0
 # define TTY_NAME "/dev/tty"
-# define sys_reset_uid_gid()					\
-  do {								\
-    if (! (setuid (getuid ()) == 0 && setgid (getgid ()) == 0)) \
-      abort ();							\
-  } while (0)
+# include <paxlib.h>
+static inline void
+sys_reset_uid_gid (void)
+{
+  struct passwd *pw;
+  uid_t uid = getuid ();
+  gid_t gid = getgid ();
+  
+  if ((pw = getpwuid (uid)) == NULL)
+    {
+      FATAL_ERROR ((0, errno, "%s(%lu)", "getpwuid", (unsigned long)uid));
+    }
+  if (initgroups (pw->pw_name, getgid ()))
+    {
+      FATAL_ERROR ((0, errno, "%s", "initgroups"));
+    }
+  if (gid != getegid () && setgid (gid) && errno != EPERM)
+    {
+      FATAL_ERROR ((0, errno, "%s", "setgid"));
+    }
+  if (uid != geteuid () && setuid (uid) && errno != EPERM)
+    {
+      FATAL_ERROR ((0, errno, "%s", "setuid"));
+    }
+}
 #endif
 
 #if XENIX
-- 
2.26.0