Comment # 11 on bug 1095670 from
I don't understand how

> POS36-C: "Consequently, it is recommended that a program relinquish
> supplementary group IDs immediately before relinquishing root privileges."

would affect the original submitter.

The problem was the loss of supplementary group IDs upon becoming root,
whereas the POS36-C section that was quoted says to relinquish such IDs
before relinquishing root privs.

As an aside -- since it was an SUID program it would relinquish its root privs
upon exit, so it seems pointless to relinquish any groups as the process
goes away.  Maybe in some other circumstance that wouldn't be the case, but
the 1st point still stands -- the POS36-C statement above doesn't say to
relinquish groups upon becoming root, but on transitioning away from root.

Ideally, the groups active at the beginning of a root session would be
those retained when transitioning away from root.  I.e., this would put things
back exactly the way before the UID change.  No doubt it is a fear of people
not getting it right and having additional groups added as root that propagate
to a user.

However, reiterating:

the above POS36 **recommendation** (not requirement), only would seem to apply
when transitioning away from root -- so the original submitter should not have
encountered a problem.
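
The ordering in the quoted POS36-C recommendation, combined with the comment's idea of retaining the groups that were active before the UID change, as an added example (not code from the bug report or from the program under discussion). The names `save_groups` and `drop_root` are hypothetical.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE                  /* exposes setgroups() in <grp.h> on glibc */
#endif
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

enum { DROP_OK = 0, DROP_NOT_ROOT = 1, DROP_FAILED = -1 };

/* Snapshot the caller's supplementary groups before any privileged work.
 * Returns the count and stores a malloc'd list in *out (caller frees), or -1. */
int save_groups(gid_t **out)
{
    int n = getgroups(0, NULL);          /* size query only */
    if (n < 0) return -1;
    gid_t *list = calloc(n > 0 ? (size_t)n : 1, sizeof *list);
    if (list == NULL) return -1;
    n = getgroups(n, list);
    if (n < 0) { free(list); return -1; }
    *out = list;
    return n;
}

/* Leave root in the POS36-C order: supplementary groups, then GID, then UID.
 * Each step needs privilege that the following step takes away. */
int drop_root(uid_t uid, gid_t gid, const gid_t *groups, int ngroups)
{
    if (geteuid() != 0) return DROP_NOT_ROOT;   /* setgroups() would get EPERM */
    if (setgroups((size_t)ngroups, groups) != 0) return DROP_FAILED;
    if (setgid(gid) != 0) return DROP_FAILED;
    if (setuid(uid) != 0) return DROP_FAILED;
    /* The drop must be permanent: regaining root has to fail now. */
    if (uid != 0 && setuid(0) == 0) return DROP_FAILED;
    if (getuid() != uid || geteuid() != uid) return DROP_FAILED;
    if (getgid() != gid || getegid() != gid) return DROP_FAILED;
    return DROP_OK;
}

int main(void)
{
    gid_t *saved = NULL;
    int n = save_groups(&saved);         /* groups active before the root work */
    if (n < 0) return 1;
    /* ... privileged work would happen here ... */
    int rc = drop_root(getuid(), getgid(), saved, n);
    free(saved);
    return rc == DROP_FAILED;
}
```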

