sendmail 8.8.4 and initgroups

[mikedoug () texas net (Michael Douglass)]

Okay, call me annoying; but call me concerned...

Why is it that the initgroups() is not done until deliver.c???  I'm confused.
The *purpose* behind the setuid/setgid/initgroups is for security right?  So
in main, you have:

 if (OpMode != MD_DAEMON && OpMode != MD_FGDAEMON)
        {
                /* drop privileges -- daemon mode done after socket/bind */
                if (RunAsGid != 0)
                        (void) setgid(RunAsGid);
                if (RunAsUid != 0)
                        (void) setuid(RunAsUid);
        }

and:

                /* drop privileges */
                if (RunAsGid != 0)
                        (void) setgid(RunAsGid);
                if (RunAsUid != 0)
                        (void) setuid(RunAsUid);

So we set the uid and gid here; but we are *STILL* not calling initgroups
here as we should.  There is no reason to keep all of those groups when
we are explicitly saying "use this uid:gid"...  I submitted the patches
to fix this the last time I brought up this initgroups() bug in 8.8.3 and
was told "get 8.8.4"... Well, I got 8.8.4 and it's *still* not fixed.

Here is some more info; I started 8.8.4 and then hand telnetted into the
port.  Here is the credentials from the process:

21780:  e/r/suid=99  e/r/sgid=6
        groups: 1 0 2 3 4 5 6 7 8 9 15 12

*wrong-o-buddy*

Michael Douglass
Texas Networking, Inc.

 "The past is a foreign country; they do things differently there."
      L. P. Hartley, British author. The Go-Between, Prologue (1953).