/usr/bin/id always reports default primary group as effective, even if it isn't

Solution Verified - Updated -

Issue

  • Run a suid binary that:
    • calls setgid(2) to set the group ID of the calling process
    • calls setegid(2) to set the effective group ID of the calling process
    • calls setgroups(2) to clear the supplementary group list
  • From this process, run /usr/bin/id -G or groups
  • id(1) or groups(1) falsely reports the primary group from /etc/passwd as effective

# id -a user1
uid=501(user1) gid=501(user1) groups=501(user1),1010(group1010)
# su - user1
$ /path/to/suidbinary         # This binary calls execve to run id -G after calling setgid()/setegid()
1010 501
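
An added check, not part of the Red Hat article or of coreutils: because id(1) is the tool under suspicion here, this C helper reads the group credentials straight from the kernel with getegid(2) and getgroups(2), then execs /usr/bin/id -G so the two views can be compared. The function names and the GID passed as argv[1] are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Effective GID first, then the supplementary groups the kernel reports
 * through getgroups(2). Returns the entry count, or -1 on error. */
int kernel_group_list(gid_t *out, int max)
{
    int n = getgroups(0, NULL);              /* size of supplementary list */
    if (n < 0 || max < 1) return -1;
    gid_t *sup = calloc(n ? n : 1, sizeof *sup);
    if (!sup) return -1;
    if ((n = getgroups(n, sup)) < 0) { free(sup); return -1; }
    int count = 0;
    out[count++] = getegid();
    for (int i = 0; i < n && count < max; i++)
        if (sup[i] != out[0]) out[count++] = sup[i];
    free(sup);
    return count;
}

/* The three calls from the issue; needs CAP_SETGID (e.g. a suid-root binary). */
int switch_group(gid_t gid)
{
    if (setgroups(0, NULL) != 0) return -1;  /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;         /* real GID (all three when privileged) */
    return setegid(gid);                     /* effective GID */
}

int main(int argc, char **argv)
{
    if (argc > 1 && switch_group((gid_t)strtoul(argv[1], NULL, 10)) != 0) {
        perror("switch_group");
        return 1;
    }
    gid_t g[64];
    int n = kernel_group_list(g, 64);
    if (n < 0) { perror("getgroups"); return 1; }
    printf("kernel view:");
    for (int i = 0; i < n; i++) printf(" %lu", (unsigned long)g[i]);
    printf("\nid -G says:  ");
    fflush(stdout);
    execl("/usr/bin/id", "id", "-G", (char *)NULL);
    perror("execl");
    return 1;
}
```

Run with a GID argument from a process that holds CAP_SETGID to repeat the sequence in the issue; without an argument it only reports the current credentials next to the id -G output.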

Environment

  • Red Hat Enterprise Linux (RHEL) 6
  • coreutils package version 8.4-19.el6_4.2 (and earlier)
