From ebf989e601a137d2c2dd489a614c7ba54b6fc910 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sat, 15 Sep 2001 21:12:49 +1000
Subject:  - (djm) Clear supplemental groups at sshd start to prevent them from
    being propogated to random PAM modules. Based on patch from Redhat via   
 Pekka Savola <pekkas@netcore.fi>

---
 sshd.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'sshd.c')

diff --git a/sshd.c b/sshd.c
index aa822df17..ce13dcaf0 100644
--- a/sshd.c
+++ b/sshd.c
@@ -782,6 +782,10 @@ main(int ac, char **av)
 		log_stderr = 1;
 	log_init(__progname, options.log_level, options.log_facility, log_stderr);
 
+	/* Make supp. groups don't get propogated to PAM modules */
+	if (setgroups(0, NULL) < 0)
+		fatal("setgroups() failed: %.200s", strerror(errno));
+
 	/*
 	 * If not in debugging mode, and not started from inetd, disconnect
 	 * from the controlling terminal, and fork.  The original process
-- 
cgit v1.2.3