File 05_rungetty-missing-call-to-setgroups-before-setuid.patch of Package rungetty

Index: rungetty-1.2/rungetty.c
--- rungetty-1.2.orig/rungetty.c
+++ rungetty-1.2/rungetty.c
@@ -595,6 +595,15 @@ main (int argc, char **argv)
   if (!program_run)
     mingetty_login (logname, tty);
+  /* When dropping privileges from root, the `setgroups` call will
+  * remove any extraneous groups. If we don't call this, then
+  * even though our uid has dropped, we may still have groups
+  * that enable us to do super-user things. This will fail if we
+  * aren't root, so don't bother checking the return value, this
+  * is just done as an optimistic privilege dropping function.
+  */
+  setgroups(0, NULL);
   setgid (u_group->gr_gid);
   setuid (user->pw_uid);
openSUSE Build Service is sponsored by