Drop membership of all supplementary groups (CVE-2022-0358)
At the start, drop membership of all supplementary groups. This is not required.
If we have membership of "root" supplementary group and when we switch uid/gid using setresuid/setsgid, we still retain membership of existing supplemntary groups. And that can allow some operations which are not normally allowed.
For example, if root in guest creates a dir as follows.
$ mkdir -m 03777 test_dir
This sets SGID on dir as well as allows unprivileged users to write into this dir.
And now as unprivileged user open file as follows.
$ su test $ fd = open("test_dir/priviledge_id", O_RDWR|O_CREAT|O_EXCL, 02755);
This will create SGID set executable in test_dir/.
And that's a problem because now an unpriviliged user can execute it, get egid=0 and get access to resources owned by "root" group. This is privilege escalation.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2044863 Fixes: CVE-2022-0358 Reported-by: JIETAO XIAO shawtao1125@gmail.com Suggested-by: Miklos Szeredi mszeredi@redhat.com Suggested-by: Vivek Goyal vgoyal@redhat.com