From ed3d7de6cc76a39a26b85df59db595c4746b61e0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Friedrich=20Scho=CC=88ller?= <hans@schoeller.se>
Date: Fri, 18 Nov 2016 14:28:23 +0100
Subject: [PATCH] Remove supplementary groups when dropping privileges

Suggested by xambroz.
---
 src/worker.cpp | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/worker.cpp b/src/worker.cpp
index 6a48230..d0b7d20 100644
--- a/src/worker.cpp
+++ b/src/worker.cpp
@@ -27,6 +27,7 @@
 #include <sys/types.h>
 #include <unistd.h>
 #include <sys/select.h>
+#include <grp.h>
 
 using namespace std;
 
@@ -203,6 +204,9 @@ void Worker::dropPrivileges()
 #else
     syslog(LOG_INFO, "dropping privileges");
 
+    if (setgroups(0, NULL) == -1)
+        throw Exception("setgroups", true);
+
     if (setgid(gid) == -1)
         throw Exception("setgid", true);