From: Neil Brown <neilb@notabene.brown>
Date: Fri, 20 Apr 2007 02:42:29 +0000 (+1000)
Subject: drop priv groups as well as uid.
X-Git-Tag: portmap_6.0~19
X-Git-Url: http://git.neil.brown.name/?a=commitdiff_plain;h=cc9c4df2898b88038af11245a0598920e255ac25;p=portmap.git

drop priv groups as well as uid.

This isn't really needed as no file access is done,
but Debian does it so...
---

diff --git a/pmap_check.c b/pmap_check.c
index b716be4..2b8914e 100644
--- a/pmap_check.c
+++ b/pmap_check.c
@@ -50,6 +50,7 @@ sccsid[] = "@(#) pmap_check.c 1.8 96/07/07 10:49:10";
 #endif
 #include <tcpd.h>
 #include <arpa/inet.h>
+#include <grp.h>
 
 #include "pmap_check.h"
 
@@ -105,6 +106,8 @@ void check_startup(void)
      * Give up root privileges so that we can never allocate a privileged
      * port when forwarding an rpc request.
      */
+    setgid(1);
+    setgroups(0, NULL);
     if (setuid(1) == -1) {
 	syslog(LOG_ERR, "setuid(1) failed: %m");
 	exit(1);