From: Marco d'Itri <md@linux.it>
Date: Sat, 14 May 2022 02:57:49 +0800
Subject: initgroups

---
 options.c     | 23 +++++++++++++++++++----
 safe_finger.c |  2 ++
 2 files changed, 21 insertions(+), 4 deletions(-)

diff --git a/options.c b/options.c
index 23f907f..7a21ca0 100644
--- a/options.c
+++ b/options.c
@@ -262,8 +262,12 @@ struct request_info *request;
 	tcpd_jump("unknown group: \"%s\"", value);
     endgrent();
 
-    if (dry_run == 0 && setgid(grp->gr_gid))
-	tcpd_jump("setgid(%s): %m", value);
+    if (dry_run != 0) {
+        if (setgid(grp->gr_gid))
+	   tcpd_jump("setgid(%s): %m", value);
+        if (setgroups(0, NULL))
+	   tcpd_jump("setgroups(%s): %m", value);
+    }
 }
 
 /* user_option - switch user id */
@@ -277,15 +281,26 @@ struct request_info *request;
     struct passwd *pwd;
     struct passwd *getpwnam();
     char   *group;
+    int    defaultgroup = 0;
 
     if ((group = split_at(value, '.')) != 0)
 	group_option(group, request);
+    else
+	defaultgroup = 1;
     if ((pwd = getpwnam(value)) == 0)
 	tcpd_jump("unknown user: \"%s\"", value);
     endpwent();
 
-    if (dry_run == 0 && setuid(pwd->pw_uid))
-	tcpd_jump("setuid(%s): %m", value);
+    if (dry_run != 0) {
+        if (setuid(pwd->pw_uid))
+	    tcpd_jump("setuid(%s): %m", value);
+	if (defaultgroup) {
+            if (setgid(pwd->pw_gid))
+	       tcpd_jump("setgid(%s): %m", value);
+            if (initgroups(value, pwd->pw_gid))
+	       tcpd_jump("initgroups(%s): %m", value);
+	}
+    }
 }
 
 /* umask_option - set file creation mask */
diff --git a/safe_finger.c b/safe_finger.c
index 0567ac0..0886832 100644
--- a/safe_finger.c
+++ b/safe_finger.c
@@ -69,9 +69,11 @@ char  **argv;
     if (getuid() == 0 || geteuid() == 0) {
 	if ((pwd = getpwnam(UNPRIV_NAME)) && pwd->pw_uid > 0) {
 	    setgid(pwd->pw_gid);
+	    initgroups(UNPRIV_NAME, pwd->pw_gid);
 	    setuid(pwd->pw_uid);
 	} else {
 	    setgid(UNPRIV_UGID);
+	    setgroups(0, NULL);
 	    setuid(UNPRIV_UGID);
 	}
     }
