26 lines
711 B
Diff
26 lines
711 B
Diff
diff --git a/auth.c b/auth.c
|
|
index b8d1040d..0134d694 100644
|
|
--- a/auth.c
|
|
+++ b/auth.c
|
|
@@ -56,6 +56,7 @@
|
|
# include <paths.h>
|
|
#endif
|
|
#include <pwd.h>
|
|
+#include <grp.h>
|
|
#ifdef HAVE_LOGIN_H
|
|
#include <login.h>
|
|
#endif
|
|
@@ -2695,6 +2696,12 @@ subprocess(const char *tag, const char *command,
|
|
}
|
|
closefrom(STDERR_FILENO + 1);
|
|
|
|
+ if (geteuid() == 0 &&
|
|
+ initgroups(pw->pw_name, pw->pw_gid) == -1) {
|
|
+ error("%s: initgroups(%s, %u): %s", tag,
|
|
+ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
|
|
+ _exit(1);
|
|
+ }
|
|
/* Don't use permanently_set_uid() here to avoid fatal() */
|
|
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) {
|
|
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
|