From 27d02e3e7185bdcc4ac5db982c9d302a7a6a5b0a Mon Sep 17 00:00:00 2001
From: Steve Dickson <steved@fedoraproject.org>
Date: Jun 23 2008 16:39:59 +0000
Subject: rpcbind needs to downgrade to non-priviledgied group


---

diff --git a/rpcbind-0.1.5-setgid.patch b/rpcbind-0.1.5-setgid.patch
new file mode 100644
index 0000000..e0b4d88
--- /dev/null
+++ b/rpcbind-0.1.5-setgid.patch
@@ -0,0 +1,28 @@
+commit f7d18d511767e892e52932f8c6f6e49755a8e5bc
+Author: Guillaume Rousse <Guillaume.Rousse@inria.fr>
+Date:   Mon Jun 23 12:30:29 2008 -0400
+
+    rpcbind needs to also downgrade its gid to a non-priviledgied group
+    
+    Signed-off-by: Andreas Hasenack <andreas@mandriva.com>
+    Signed-off-by: Guillaume Rousse <Guillaume.Rousse@inria.fr>
+    Signed-off-by: Steve Dickson <steved@redhat.com>
+
+diff --git a/src/rpcbind.c b/src/rpcbind.c
+index 949ece2..fb75517 100644
+--- a/src/rpcbind.c
++++ b/src/rpcbind.c
+@@ -216,8 +216,12 @@ main(int argc, char *argv[])
+ 			syslog(LOG_ERR, "cannot get uid of '%s': %m", id);
+ 			exit(1);
+ 		}
++                if (setgid(p->pw_gid) == -1) {
++                        syslog(LOG_ERR, "setgid to '%s' (%d) failed: %m", id, p->pw_gid);
++                        exit(1);
++                }
+ 		if (setuid(p->pw_uid) == -1) {
+-			syslog(LOG_ERR, "setuid to '%s' failed: %m", id);
++			syslog(LOG_ERR, "setuid to '%s' (%d) failed: %m", id, p->pw_uid);
+ 			exit(1);
+ 		}
+ 	}
diff --git a/rpcbind.spec b/rpcbind.spec
index 24986a1..81dd984 100644
--- a/rpcbind.spec
+++ b/rpcbind.spec
@@ -2,7 +2,7 @@
 
 Name:           rpcbind
 Version:        0.1.5
-Release: 		1%{?dist}
+Release: 		2%{?dist}
 Summary:        Universal Addresses to RPC Program Number Mapper
 Group:          System Environment/Daemons
 License:        GPL
@@ -26,6 +26,7 @@ Provides: portmap = %{version}-%{release}
 Obsoletes: portmap <= 4.0-65.3
 
 Patch1: rpcbind-0.1.4-iff_up.patch
+Patch2: rpcbind-0.1.5-setgid.patch
 
 %description
 The rpcbind utility is a server that converts RPC program numbers into
@@ -36,6 +37,7 @@ RPC calls on a server on that machine.
 %setup -q
 
 %patch1 -p1
+%patch2 -p1
 
 %build
 %ifarch s390 s390x
@@ -116,6 +118,9 @@ fi
 
 %changelog
 * Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1
+- rpcbind needs to downgrade to non-priviledgied group.
+
+* Mon Jun 23 2008 Steve Dickson <steved@redhat.com> 0.1.5-1
 - Updated to latest upstream release 0.1.5
 
 * Mon Feb 11 2008 Steve Dickson <steved@redhat.com> 0.1.4-14