/usr/bin/id always reports default primary group as effective, even if it isn't

Solution Verified - Updated -

Issue

  • Running a suid binary that:
    • calls setgid(2) to set the group ID of the calling process
    • calls setegid(2) to set the effective group ID of the calling process
    • calls setgroups(2) to clear the supplementary group list
  • From this process run /usr/bin/id -G or groups
  • id(1) or groups(1) falsely reports the primary group from /etc/passwd as effective
# id -a user1
uid=501(user1) gid=501(user1) groups=501(user1),1010(group1010)
# su - user1
$ /path/to/suidbinary         # This binary calls execve to run id -G after calling setgid()/setegid()
1010 501
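
A way to cross-check the numbers that id -G prints against the credentials the process actually holds, as an added example that is not part of the original solution or of coreutils. Run by the same process in place of id, it asks the kernel directly with getgid(2), getegid(2) and getgroups(2) and never reads /etc/passwd; the names gidcheck, kernel_gids, read_kernel_gids and holds_gid are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define MAX_SUPP 1024          /* assumption: enough for the test account */

struct kernel_gids {
    gid_t rgid, egid;          /* real and effective GID */
    int   nsupp;               /* number of supplementary groups */
    gid_t supp[MAX_SUPP];
};

/* Read the credentials straight from the kernel; /etc/passwd and
 * /etc/group are never consulted. Returns 0 on success, -1 on error. */
int read_kernel_gids(struct kernel_gids *k)
{
    k->rgid = getgid();
    k->egid = getegid();
    k->nsupp = getgroups(MAX_SUPP, k->supp);
    return k->nsupp < 0 ? -1 : 0;
}

/* 1 if the process really holds gid as real, effective or supplementary. */
int holds_gid(const struct kernel_gids *k, gid_t gid)
{
    if (gid == k->rgid || gid == k->egid)
        return 1;
    for (int i = 0; i < k->nsupp; i++)
        if (k->supp[i] == gid)
            return 1;
    return 0;
}

/* Usage: gidcheck GID...   (pass the numbers that id -G printed) */
int main(int argc, char **argv)
{
    struct kernel_gids k;
    int bad = 0;
    if (read_kernel_gids(&k) != 0) { perror("getgroups"); return 2; }
    printf("rgid=%lu egid=%lu nsupp=%d\n",
           (unsigned long)k.rgid, (unsigned long)k.egid, k.nsupp);
    for (int i = 1; i < argc; i++) {
        gid_t g = (gid_t)strtoul(argv[i], NULL, 10);
        int held = holds_gid(&k, g);
        printf("%lu: %s\n", (unsigned long)g, held ? "held" : "NOT held");
        bad |= !held;
    }
    return bad;                /* non-zero if any listed GID is not held */
}
```

Any GID reported as NOT held came from a lookup rather than from the process credentials.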

Environment

  • Red Hat Enterprise Linux (RHEL) 6
  • coreutils package version 8.4-19.el6_4.2 (and earlier)
