File hsflowd-fix-setgroups.diff of Package hsflowd

--- a/src/Linux/hsflowd.c
+++ b/src/Linux/hsflowd.c
@@ -1402,6 +1402,14 @@ extern "C" {
 	myLog(LOG_ERR, "drop_privileges: user 'nobody' not found");
 	exit(EXIT_FAILURE);
       }
+      // When dropping privileges from root, the `setgroups` call will
+      // remove any extraneous groups. If we don't call this, then
+      // even though our uid has dropped, we may still have groups
+      // that enable us to do super-user things. This will fail if we
+      // aren't root, so don't bother checking the return value, this
+      // is just done as an optimistic privilege dropping function.
+      setgroups(0, NULL);
+
       if(setgid(nobody->pw_gid) != 0) {
 	myLog(LOG_ERR, "drop_privileges: setgid(%d) failed : %s", nobody->pw_gid, strerror(errno));
 	exit(EXIT_FAILURE);
openSUSE Build Service is sponsored by