Make sure we call setgroups() after setuid(). (Ethan Benson)

NEWS

@@ -1,5 +1,10 @@
 rsync 2.5.3 (not released yet)
 
+  SECURITY FIXES:
+
+    * Make sure that supplementary groups are removed from a server
+      process after changing uid and gid. (Ethan Benson)
+
   ENHANCEMENTS:
 
     * Command to initiate connections is only shown with -vv, rather

clientserver.c

@@ -294,6 +294,16 @@ static int rsync_module(int fd, int i)
 			return -1;
 		}
 
+#ifdef HAVE_SETGROUPS
+		/* Get rid of any supplementary groups this process
+		 * might have inheristed. */
+		if (setgroups(0, NULL)) {
+			rsyserr(FERROR, errno, "setgroups failed");
+			io_printf(fd, "@ERROR: setgroups failed\n");
+			return -1;
+		}
+#endif
+
 		am_root = (getuid() == 0);
 	}
 

configure.in

@@ -351,7 +351,7 @@ AC_FUNC_UTIME_NULL
 AC_CHECK_FUNCS(waitpid wait4 getcwd strdup strerror chown chmod mknod)
 AC_CHECK_FUNCS(fchmod fstat strchr readlink link utime utimes strftime)
 AC_CHECK_FUNCS(memmove lchown vsnprintf snprintf asprintf setsid glob strpbrk)
-AC_CHECK_FUNCS(strlcat strlcpy mtrace mallinfo)
+AC_CHECK_FUNCS(strlcat strlcpy mtrace mallinfo setgroups)
 
 AC_CACHE_CHECK([for working socketpair],rsync_cv_HAVE_SOCKETPAIR,[
 AC_TRY_RUN([

log.c

@@ -342,6 +342,8 @@ void rsyserr(enum logcode code, int errcode, const char *format, ...)
 	len = vsnprintf(buf, sizeof(buf), format, ap);
 	va_end(ap);
 
+	/* TODO: Put in RSYNC_NAME at the start. */
+
 	if ((size_t) len > sizeof(buf)-1)
 		exit_cleanup(RERR_MESSAGEIO);