Blame SOURCES/openssh-8.7p1-upstream-cve-2021-41617.patch

5dbb6f
diff --git a/misc.c b/misc.c
5dbb6f
index b8d1040d..0134d694 100644
5dbb6f
--- a/misc.c
5dbb6f
+++ b/misc.c
5dbb6f
@@ -56,6 +56,7 @@
5dbb6f
 #ifdef HAVE_PATHS_H
5dbb6f
 # include <paths.h>
5dbb6f
 #include <pwd.h>
5dbb6f
+#include <grp.h>
5dbb6f
 #endif
5dbb6f
 #ifdef SSH_TUN_OPENBSD
5dbb6f
 #include <net/if.h>
5dbb6f
@@ -2695,6 +2696,12 @@ subprocess(const char *tag, const char *command,
5dbb6f
 		}
5dbb6f
 		closefrom(STDERR_FILENO + 1);
5dbb6f
 
5dbb6f
+		if (geteuid() == 0 &&
5dbb6f
+		    initgroups(pw->pw_name, pw->pw_gid) == -1) {
5dbb6f
+			error("%s: initgroups(%s, %u): %s", tag,
5dbb6f
+			    pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
5dbb6f
+			_exit(1);
5dbb6f
+		}
5dbb6f
 		if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
5dbb6f
 			error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
5dbb6f
 			    strerror(errno));