commit e009ccbe66f67a4c5344d6a1f415c50b699765ad
from: Florian Westphal <fw@strlen.de>
date: Mon Aug 26 22:19:31 2013 UTC

ngircd: discard supplementary group ids on startup

The intention was to switch to JUST uid:gid, but setgid is not
sufficient.

Reported-by:  Michael Scherer <misc@zarb.org>

commit - 46d43dc09c82e05762ec05585eed65ba953e6887
commit + e009ccbe66f67a4c5344d6a1f415c50b699765ad
blob - e075e0a7355486c826497bd602cd64be7b1990ab
blob + 4099719b8ebe703e66960c97ae999df1f3274043
--- src/ngircd/ngircd.c
+++ src/ngircd/ngircd.c
@@ -724,6 +724,11 @@ NGIRCd_Init(bool NGIRCd_NoDaemon)
 			if (real_errno != EPERM) 
 				goto out;
 		}
+		if (setgroups(0, NULL) != 0) {
+			Log(LOG_ERR, "Can't drop supplementary group ids: %s!",
+					strerror(errno));
+			goto out;
+		}
 	}
 #endif