From 5d0541a98e4485c6d28480088f449261d9cd68aa Mon Sep 17 00:00:00 2001
From: Ted Gould
Date: Thu, 30 Aug 2012 11:58:02 -0500
Subject: Clear the groups when dropping privs
---
 src/pam-freerdp.c | 10 ++++++++++
 1 file changed, 10 insertions(+)
(limited to 'src')
diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index ed83402..90686a9 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -27,6 +27,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 
@@ -238,6 +239,10 @@ pam_sm_authenticate (pam_handle_t *pamh, int flags, int argc, const char **argv)
 _exit(EXIT_FAILURE);
 }
 
+ if (setgroups(1, &pwdent->pw_gid) != 0) {
+ _exit(EXIT_FAILURE);
+ }
+
 if (clearenv() != 0) {
 _exit(EXIT_FAILURE);
 }
@@ -305,6 +310,11 @@ session_socket_handler (struct passwd * pwdent, int readypipe, const char * ruse
 return EXIT_FAILURE;
 }
 
+ if (setgroups(1, &pwdent->pw_gid) != 0) {
+ /* Don't need to clean up yet */
+ return EXIT_FAILURE;
+ }
+
 if (clearenv() != 0) {
 /* Don't need to clean up yet */
 return EXIT_FAILURE;
-- cgit v1.2.3
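Review bot: The added `setgroups(1, &pwdent->pw_gid)` in pam_sm_authenticate is placed after the check that closes just above it and before `clearenv()`; that earlier check lies outside the hunk, but if it is the setgid()/setuid() drop, the call runs after the process has already given up the privilege it needs. In that case setgroups() fails with EPERM and, because the failure is fatal here, the child exits on every attempt; supplementary groups have to be reset while still privileged, before setgid()/setuid(). The session_socket_handler hunk has the same placement. Wherever the call ends up, a comment such as `/* must run before setgid/setuid: setgroups needs CAP_SETGID */` would record the ordering constraint. Both function bodies start and end outside their hunks, so the ordering should be confirmed against the full file.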