From cc9c4df2898b88038af11245a0598920e255ac25 Mon Sep 17 00:00:00 2001
From: Neil Brown <neilb@notabene.brown>
Date: Fri, 20 Apr 2007 12:42:29 +1000
Subject: [PATCH] drop priv groups as well as uid.

This isn't really needed as no file access is done,
but Debian does it so...
---
 pmap_check.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pmap_check.c b/pmap_check.c
index b716be4..2b8914e 100644
--- a/pmap_check.c
+++ b/pmap_check.c
@@ -50,6 +50,7 @@ sccsid[] = "@(#) pmap_check.c 1.8 96/07/07 10:49:10";
 #endif
 #include <tcpd.h>
 #include <arpa/inet.h>
+#include <grp.h>
 
 #include "pmap_check.h"
 
@@ -105,6 +106,8 @@ void check_startup(void)
      * Give up root privileges so that we can never allocate a privileged
      * port when forwarding an rpc request.
      */
+    setgid(1);
+    setgroups(0, NULL);
     if (setuid(1) == -1) {
 	syslog(LOG_ERR, "setuid(1) failed: %m");
 	exit(1);
-- 
2.39.5