git: bb9678f1ff68 - stable/14 - comsat: Use initgroups and setgid not just setuid

The branch stable/14 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=bb9678f1ff6881b036220045adb58047332cfb0d

commit bb9678f1ff6881b036220045adb58047332cfb0d
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2024-11-28 16:54:48 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2024-12-04 18:38:31 +0000

    comsat: Use initgroups and setgid not just setuid
    
    PR:             270404
    Reviewed by:    jlduran
    Obtained from:  NetBSD
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D47828
    
    (cherry picked from commit d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d)
---
 libexec/comsat/comsat.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 3f94f8d56201..1a9fb443e68e 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -224,10 +224,11 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset)
 	struct passwd *p;
 	unsigned char line[BUFSIZ];
 
-	/* Set effective uid to user in case mail drop is on nfs */
-	if ((p = getpwnam(user)) == NULL)
-		return;
-	if (setuid(p->pw_uid) != 0)
+	/* Set uid/gid/groups to user's in case mail drop is on nfs */
+	if ((p = getpwnam(user)) == NULL ||
+	    initgroups(p->pw_name, p->pw_gid) == -1 ||
+	    setgid(p->pw_gid) == -1 ||
+	    setuid(p->pw_uid) == -1)
 		return;
 
 	if ((fi = fopen(file, "r")) == NULL)