On Mon, Aug 29, 2022 at 05:17:03PM +0200, Stefano Brivio wrote: > Commit a951e0b9efcb ("conf: Add --runas option, changing to given UID > and GID if started as root") dropped the call to initgroups() that > used to add supplementary groups corresponding to the user we'll > eventually run as -- we don't need those. > > However, if the original user belongs to supplementary groups > (usually not the case, if started as root), we don't drop those, > now, and rpmlint says: > > passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt > passt.x86_64: E: missing-call-to-setgroups-before-setuid /usr/bin/passt.avx2 > > Add a call to setgroups() with an empty set, to drop any > supplementary group we might currently have, before changing GID > and UID. > > Reported-by: Daniel P. Berrangé > Signed-off-by: Stefano Brivio Reviewed-by: David Gibson I'll keep this in mind for the rework I plan in this area. > --- > util.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/util.c b/util.c > index 9b87b65..7e10deb 100644 > --- a/util.c > +++ b/util.c > @@ -525,7 +525,7 @@ void check_root(struct ctx *c) > #endif > } > > - if (!setgid(c->gid) && !setuid(c->uid)) > + if (!setgroups(0, NULL) && !setgid(c->gid) && !setuid(c->uid)) > return; > > fprintf(stderr, "Can't change user/group, exiting"); -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
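Review bot: with setgroups() folded into the same condition, the fallback "Can't change user/group, exiting" now covers three distinct calls, still has no trailing newline and prints no errno, so a failure of the new call cannot be told apart from a setgid() or setuid() failure. Checking each call separately and naming it, e.g. `fprintf(stderr, "Can't drop supplementary groups: %s\n", strerror(errno));`, would make the rpmlint-motivated change debuggable when it fires. The hunk does not show the includes, so it is worth confirming that util.c already pulls in <grp.h>, where glibc declares setgroups(). The ordering itself is right: setgroups() runs while the process still has CAP_SETGID, before setgid() and setuid() give that up.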
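The sequence the patch settles on (drop supplementary groups, then GID, then UID) is easy to get subtly wrong, so here is an added stand-alone C example that is my own and not passt's code: it performs the three calls in that order, reports which one failed and why, and then verifies that nothing privileged is left, including that the process can no longer climb back to UID 0. The enum names, function names and the command-line interface are assumptions made for this example.

```c
/* Added example (not passt's own code): drop root the way the patch does,
 * supplementary groups first, then GID, then UID, and verify the result.
 * _DEFAULT_SOURCE makes glibc's <grp.h> declare setgroups(). */
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Which step failed; DROP_OK means every step succeeded. */
enum drop_step { DROP_OK = 0, DROP_STEP_SETGROUPS, DROP_STEP_SETGID, DROP_STEP_SETUID };

/*
 * Order matters: setgroups() needs CAP_SETGID, so it must run while we are
 * still root; setgid() must run before setuid(), because once the effective
 * UID is unprivileged, changing to a different group is refused.
 * *err receives the errno of the failing call (0 on success).
 */
enum drop_step drop_privileges(uid_t uid, gid_t gid, int *err)
{
	if (setgroups(0, NULL) < 0) { *err = errno; return DROP_STEP_SETGROUPS; }
	if (setgid(gid) < 0)        { *err = errno; return DROP_STEP_SETGID; }
	if (setuid(uid) < 0)        { *err = errno; return DROP_STEP_SETUID; }
	*err = 0;
	return DROP_OK;
}

/*
 * Check that the drop actually happened: no supplementary groups left, real
 * and effective IDs are the targets, and for a non-root target we cannot
 * regain root. Returns 1 when all checks pass, 0 otherwise.
 */
int verify_dropped(uid_t uid, gid_t gid)
{
	if (getgroups(0, NULL) != 0)
		return 0;
	if (getgid() != gid || getegid() != gid)
		return 0;
	if (getuid() != uid || geteuid() != uid)
		return 0;
	/* A correctly dropped process must not be able to become root again. */
	if (uid != 0 && setuid(0) == 0)
		return 0;
	return 1;
}

static const char *step_name(enum drop_step s)
{
	switch (s) {
	case DROP_STEP_SETGROUPS: return "setgroups";
	case DROP_STEP_SETGID:    return "setgid";
	case DROP_STEP_SETUID:    return "setuid";
	default:                  return "none";
	}
}

/* Usage (as root): ./drop_privs <uid> <gid>, e.g. ./drop_privs 65534 65534 */
int main(int argc, char **argv)
{
	uid_t uid;
	gid_t gid;
	int err;
	enum drop_step s;

	if (argc != 3) {
		fprintf(stderr, "usage: %s <uid> <gid>\n", argv[0]);
		return 2;
	}
	uid = (uid_t)strtoul(argv[1], NULL, 10);
	gid = (gid_t)strtoul(argv[2], NULL, 10);

	s = drop_privileges(uid, gid, &err);
	if (s != DROP_OK) {
		/* Say which call failed and why, not just "can't change user/group". */
		fprintf(stderr, "%s() failed: %s\n", step_name(s), strerror(err));
		return 1;
	}
	if (!verify_dropped(uid, gid)) {
		fprintf(stderr, "privilege drop incomplete\n");
		return 1;
	}
	printf("now uid=%u gid=%u, %d supplementary groups\n",
	       (unsigned)getuid(), (unsigned)getgid(), (int)getgroups(0, NULL));
	return 0;
}
```

Run unprivileged, the very first call is the one that fails with EPERM, which is exactly the step the original code skipped: that is the point of putting setgroups() first, while CAP_SETGID is still held. getresuid()/getresgid() would additionally let you check the saved set-user-ID and saved set-group-ID, which setuid()/setgid() also change when called as root.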