File fix_setgroups_missing_call.patch of Package mcelog.13082

Index: mcelog-1.36/mcelog.c
===================================================================
--- mcelog-1.36.orig/mcelog.c	2016-05-03 17:45:47.832648501 +0200
+++ mcelog-1.36/mcelog.c	2016-05-03 17:45:53.348962792 +0200
@@ -37,6 +37,7 @@
 #include <assert.h>
 #include <signal.h>
 #include <pwd.h>
+#include <grp.h>
 #include <sys/wait.h>
 #include <fnmatch.h>
 #include "mcelog.h"
@@ -1223,6 +1224,14 @@ static void general_setup(void)
 
 static void drop_cred(void)
 {
+	/* When dropping privileges from root, the `setgroups` call will
+	 * remove any extraneous groups. If we don't call this, then
+	 * even though our uid has dropped, we may still have groups
+	 * that enable us to do super-user things. This will fail if we
+	 * aren't root, so don't bother checking the return value, this
+	 * is just done as an optimistic privilege dropping function.
+	 */
+	setgroups(0, NULL);
 	if (runcred.uid != -1U && runcred.gid == -1U) {
 		struct passwd *pw = getpwuid(runcred.uid);
 		if (pw)
openSUSE Build Service is sponsored by