[gpsd] drop also supplementary groups when dropping privileges

[Miroslav Lichvar]

commit ee5763a2bce7d2b09af3398f711c890e967698fd
Author: Miroslav Lichvar <mlichvar at redhat.com>
Date:   Mon Nov 25 13:24:30 2013 +0100

    drop also supplementary groups when dropping privileges

 gpsd-setgroups.patch |   23 +++++++++++++++++++++++
 gpsd.spec            |    3 +++
 2 files changed, 26 insertions(+), 0 deletions(-)
---
diff --git a/gpsd-setgroups.patch b/gpsd-setgroups.patch
new file mode 100644
index 0000000..0afb91c
--- /dev/null
+++ b/gpsd-setgroups.patch
@@ -0,0 +1,23 @@
+commit c3f7db262c8e2e615dae9c3db6f0385bddc48df2
+Author: Miroslav Lichvar <mlichvar at redhat.com>
+Date:   Fri Nov 22 18:19:41 2013 +0100
+
+    Drop also supplementary groups when dropping privileges.
+    
+    Signed-off-by: Eric S. Raymond <esr at thyrsus.com>
+
+diff --git a/gpsd.c b/gpsd.c
+index c77f684..76d1850 100644
+--- a/gpsd.c
++++ b/gpsd.c
+@@ -2059,6 +2059,10 @@ int main(int argc, char *argv[])
+ 	 * of any compromises in the code.  It requires that all GPS
+ 	 * devices have their group read/write permissions set.
+ 	 */
++	if (setgroups(0, NULL) != 0)
++	    gpsd_report(context.debug, LOG_ERROR,
++			"setgroups() failed, errno %s\n",
++			strerror(errno));
+ 	/*@-type@*/
+ #ifdef GPSD_GROUP
+ 	{
diff --git a/gpsd.spec b/gpsd.spec
index ec941ea..dc4d420 100644
--- a/gpsd.spec
+++ b/gpsd.spec
@@ -17,6 +17,8 @@ Patch1: gpsd-nolibcap.patch
 Patch2: gpsd-linkflags.patch
 # set time stamp in chrony SOCK sample correctly
 Patch3: gpsd-chronyts.patch
+# drop also supplementary groups when dropping privileges
+Patch4: gpsd-setgroups.patch
 
 BuildRequires: dbus-devel dbus-glib-devel ncurses-devel xmlto python-devel
 BuildRequires: scons desktop-file-utils bluez-libs-devel pps-tools-devel
@@ -82,6 +84,7 @@ can run on a serial terminal or terminal emulator.
 %patch1 -p1 -b .nolibcap
 %patch2 -p1 -b .linkflags
 %patch3 -p1 -b .chronyts
+%patch4 -p1 -b .setgroups
 
 %build
 export CCFLAGS="%{optflags}"