I noticed that supplementary groups (getgroups(2)/setgroups(2)) are not shared between the threads in a multithreaded program. I would expect that since [e]uid and [e]gid are, so should the supplementary groups?

I checked the source and I can see that set*id() calls use the setxid API to synchronize the ids between the threads, but setgroups() does not do that; I guess that's the problem. I didn't try to compile the latest version, but the source is the same in that respect...

This is with kernel 2.6.30, gcc 4.3.2, binutils 2.18, but I don't think this matters all that much, as I first saw it on a completely different platform (PPC64 SLES 10).

I'll attach a self-contained testcode. It needs to be run as root. I'm getting the following output:

"Initial groups: 0, 1, 2, 3, 4, 6, 10, 11, 20, 26, 27
Launched a new thread
Changing groups in the main thread...
Main thread groups: 12345
Launched thread groups: 0, 1, 2, 3, 4, 6, 10, 11, 20, 26, 27"

Instead, I would expect the last line to be "12345".
Created attachment 4151: self-contained testcase

Created attachment 5187: use INLINE_SETXID_SYSCALL for setgroups()

The attached patch converts setgroups() to use INLINE_SETXID_SYSCALL, which should hopefully fix the problem. I haven't tested it, and don't know if there is anything else that needs to be done.

Created attachment 5188: Additional testcase
I checked in some changes.
This should probably be treated as a security issue because it can interact with relinquishing privileges.
Fixed in commit 70181fddf1467996bea393d13294ffe76b8a0853, which went into glibc 2.13.
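
A regression check for the behavior reported in this thread, as an added example (it is not the attached testcase and not glibc code): a thread is started first, the main thread then calls setgroups(), and both group lists are compared. The function name, the 256-entry buffer and the semaphore handshake are assumptions of this sketch; gid 12345 is the value from the report. Build with -pthread.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <pthread.h>
#include <semaphore.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

#define MAX_GROUPS 256 /* assumed upper bound for this check */

struct snapshot { int n; gid_t list[MAX_GROUPS]; };

static sem_t go; /* posted once the main thread has changed its groups */

static void take(struct snapshot *s) {
    memset(s, 0, sizeof *s);
    s->n = getgroups(MAX_GROUPS, s->list);
}

static void *worker(void *arg) {
    sem_wait(&go); /* this thread already exists when setgroups() runs */
    take(arg);
    return NULL;
}

/* 1: the pre-existing thread sees the same supplementary groups as the
 * main thread after the change; 0: they differ (the reported behavior);
 * -1: setup error. */
int groups_consistent_after_change(gid_t new_gid) {
    struct snapshot main_s, thread_s;
    pthread_t t;
    if (sem_init(&go, 0, 0) != 0) return -1;
    if (pthread_create(&t, NULL, worker, &thread_s) != 0) return -1;
    if (setgroups(1, &new_gid) != 0) {
        /* Without CAP_SETGID nothing changes; the comparison below is
         * still valid but cannot expose the bug. */
    }
    take(&main_s);
    sem_post(&go);
    pthread_join(t, NULL);
    sem_destroy(&go);
    if (main_s.n < 0 || thread_s.n < 0) return -1;
    return main_s.n == thread_s.n &&
           memcmp(main_s.list, thread_s.list,
                  (size_t)main_s.n * sizeof(gid_t)) == 0;
}

int main(void) {
    int r = groups_consistent_after_change(12345);
    printf("groups consistent across threads: %d\n", r);
    return r == 1 ? 0 : 1;
}
```

Run as root, a result of 0 means a privilege drop in one thread left the old supplementary groups active in the others, so code that relinquishes privileges on such a libc has to drop groups before creating any threads.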