From 8684995d87e08fadd44e1814e810c770a1f60273 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones" <rjones@redhat.com>
Date: Mon, 5 Mar 2012 14:48:08 +0000
Subject: [PATCH 1/3] Security: Set supplemental groups correctly when dropping
 privileges.

https://bugzilla.redhat.com/show_bug.cgi?id=741289

(Thanks to Steve Grubb for finding the bug and suggesting a fix)
---
 vhostmd/vhostmd.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/vhostmd/vhostmd.c b/vhostmd/vhostmd.c
index 21763af..90ba76d 100644
--- a/vhostmd/vhostmd.c
+++ b/vhostmd/vhostmd.c
@@ -34,6 +34,7 @@
 #include <getopt.h>
 #include <signal.h>
 #include <pwd.h>
+#include <grp.h>
 #include <arpa/inet.h>
 #include <sys/types.h>
 #include <sys/wait.h>
@@ -1115,6 +1116,11 @@ int main(int argc, char *argv[])
 	   goto out;
        }
 
+       if (initgroups (user, pw->pw_gid) == -1) {
+           vu_log (VHOSTMD_ERR, "initgroups: %m");
+           goto out;
+       }
+
        if (setuid (pw->pw_uid) == -1) {
 	   vu_log (VHOSTMD_ERR, "setuid: %d: %m", pw->pw_uid);
 	   goto out;
-- 
1.8.3.1