From adabd28b46c65ae9b38ee09c5593c6daa96e5978 Mon Sep 17 00:00:00 2001
From: Erik Ekman
Date: Sat, 12 Jul 2008 12:05:59 +0000
Subject: [PATCH] applied security patch from Andrew Griffiths, limit user groups
---
 src/iodine.c | 4 +++-
 src/iodined.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/src/iodine.c b/src/iodine.c
index 1132e44..def8bbf 100644
--- a/src/iodine.c
+++ b/src/iodine.c
@@ -730,7 +730,9 @@ main(int argc, char **argv)
 do_chroot(newroot);
 if (username != NULL) {
- if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
+ gid_t gids[1];
+ gids[0] = pw->pw_gid;
+ if (setgroups(1, gids) < 0 || setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
 warnx("Could not switch to user %s!\n", username);
 usage();
 }
diff --git a/src/iodined.c b/src/iodined.c
index b5d508c..6090a2f 100644
--- a/src/iodined.c
+++ b/src/iodined.c
@@ -583,7 +583,9 @@ main(int argc, char **argv)
 signal(SIGINT, sigint);
 if (username != NULL) {
- if (setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
+ gid_t gids[1];
+ gids[0] = pw->pw_gid;
+ if (setgroups(1, gids) < 0 || setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0) {
 warnx("Could not switch to user %s!\n", username);
 usage();
 }
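Review bot: Neither file gains `#include <grp.h>` in this commit, although the new condition in src/iodine.c and the identical one in src/iodined.c now call `setgroups()`; the diffstat shows only the four hunk lines changed per file. Unless that header is already included above the hunks, the call compiles against an implicit declaration, so the include should be added to both files. The failure branch also relies on `usage()` never returning, which is not visible here; if it can return, the process carries on with its original privileges and supplementary groups, so an explicit `exit(1);` after the `warnx` would make the drop fail closed. The order setgroups, then setgid, then setuid is correct, because the supplementary list can only be replaced while the process is still privileged. `main` begins and ends outside both hunks.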