Re: How to lose extra groups? setgroups()?

Theodore Y. Ts'o (tytso@MIT.EDU)
Mon, 3 Mar 1997 12:26:57 -0500


Date: Mon, 03 Mar 1997 02:58:54 -0500
From: Brian Dowling <brian@simplicity.net>

You guys fixed that saved-set user id security hole, so a program can
call setreuid(geteuid(), geteuid()) to drop UID privilege of the
caller, but I can't see any way to get rid of extra groups. I did
figure out that I could also make the program setgid to set the
"default group" to be what I want, but this still leaves the
additional groups (which included at least the caller's default
group).

I found a manpage at http://constitution.mit.edu:5000/setgroups
-- although I have no idea what system this is referring to, it mentions
that _any_ program can delete groups, even non-privileged ones. But
looking at the kernel source, this is not true in Linux. If it was, I
would expect I would be able to call setgroups with just the groups I
want (a subset of what the program currently has).

Note that this ***changes*** the security properties of groups, since
groups can be used to *restrict* access to directories. For example,
users could be put into the group lusers, and they won't have access to
a directory which is mode 705, group lusers.

- Ted
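
The mode 705 case described in the reply, as an added example that is not part of the original message: a simplified C model of the classic UNIX permission check (no ACLs or capabilities, root not special-cased) in which a group match selects the group bits and the "other" bits are never consulted. The function name and the numeric IDs are constructed for illustration.

```c
#include <stdio.h>
#include <sys/types.h>

/* Simplified model of the classic UNIX permission check. Exactly one
 * class applies: owner, else group, else other. The classes are NOT
 * additive, which is what makes "negative" group permissions work. */
static int in_groups(gid_t g, gid_t egid, const gid_t *sup, int n)
{
    if (g == egid)
        return 1;
    for (int i = 0; i < n; i++)
        if (sup[i] == g)
            return 1;
    return 0;
}

/* want: bitmask of 4 (read), 2 (write), 1 (execute/search) */
int may_access(mode_t mode, uid_t fuid, gid_t fgid,
               uid_t euid, gid_t egid, const gid_t *sup, int n, int want)
{
    int bits;
    if (euid == fuid)
        bits = (mode >> 6) & 7;
    else if (in_groups(fgid, egid, sup, n))
        bits = (mode >> 3) & 7;   /* group match: "other" bits are skipped */
    else
        bits = mode & 7;
    return (bits & want) == want;
}

/* Constructed sample IDs, not taken from the message. */
enum { ROOT = 0, ALICE = 1000, USERS = 100, LUSERS = 500 };

int main(void)
{
    gid_t member[] = { LUSERS };
    /* Directory: owner root, group lusers, mode 705; request read+search. */
    printf("member of lusers:      %s\n",
           may_access(0705, ROOT, LUSERS, ALICE, USERS, member, 1, 5)
               ? "allowed" : "denied");
    printf("after dropping lusers: %s\n",
           may_access(0705, ROOT, LUSERS, ALICE, USERS, NULL, 0, 5)
               ? "allowed" : "denied");
    return 0;
}
```

The second call models a process whose supplementary list no longer contains lusers: the same user falls through to the "other" class and gains r-x.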