From 9d00681b24b02e0a143506c0f60c83d50136e87d Mon Sep 17 00:00:00 2001
From: Jonathan Dieter <jdieter@lesbg.com>
Date: Tue, 11 Apr 2017 11:20:32 +0300
Subject: [PATCH] [main] Remove supplementary groups when dropping privileges

When dropping privileges, remove supplementary groups which give
unnecessary access.

This will fail if we're not root, at which point the next statement will
also fail, so don't bother checking return value.

Signed-off-by: Jonathan Dieter <jdieter@lesbg.com>
---
 src/main/main.cc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/main.cc b/src/main/main.cc
index 36cf9cb..a974881 100644
--- a/src/main/main.cc
+++ b/src/main/main.cc
@@ -374,6 +374,7 @@ void changeugid(RunMode runmode) {
 		free(wuser);
 		free(wgroup);
 
+		setgroups(0, NULL);
 		if (setgid(wrk_gid)<0) {
 			lzfs_pretty_errlog(LOG_ERR,"can't set gid to %d",(int)wrk_gid);
 			exit(LIZARDFS_EXIT_STATUS_ERROR);
-- 
2.9.3