From 0cd9e3ba2a0f54d930d813bfde9ff9d57a12d9ed Mon Sep 17 00:00:00 2001
From: Luiz Angelo Daros de Luca <luizluca@gmail.com>
Date: Tue, 24 Jul 2018 15:59:39 -0300
Subject: [PATCH] server: clean supplementary groups when setuid
Upstream: merged
References: https://github.com/NetworkBlockDevice/nbd/commit/0cd9e3ba2a0f54d930d813bfde9ff9d57a12d9ed
References: gh#NetworkBlockDevice/nbd#79
References: https://github.com/NetworkBlockDevice/nbd/pull/79 

When nbd-server drops privileges, it was leaving supplementary
groups untouched. As nbd-server was normally dropping from root,
nbd-server kept membership to root supplementary groups.

Signed-off-by: Luiz Angelo Daros de Luca <luizluca@gmail.com>
---
 nbd-server.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nbd-server.c b/nbd-server.c
index 1d1f4c8d..b0720ea1 100644
--- a/nbd-server.c
+++ b/nbd-server.c
@@ -3470,6 +3470,7 @@ void dousers(const gchar *const username, const gchar *const groupname) {
 			str = g_strdup_printf("Invalid user name: %s", username);
 			err(str);
 		}
+		setgroups(0, NULL);
 		if(setuid(pw->pw_uid)<0) {
 			err("Could not set UID: %m");
 		}