From c50accfaec4394f25c472e133060419b4f8b9042 Mon Sep 17 00:00:00 2001
From: Solderpunk <solderpunk@posteo.net>
Date: Thu, 23 Feb 2023 20:03:21 +0100
Subject: [PATCH] Only drop supplementary groups if root is amongst them.

---
 security_dropprivs.go | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/security_dropprivs.go b/security_dropprivs.go
index 8e6aee5..e858048 100644
--- a/security_dropprivs.go
+++ b/security_dropprivs.go
@@ -77,12 +77,10 @@ func DropPrivs(ui userInfo) error {
 	}
 
 	// Drop supplementary groups
-	err := syscall.Setgroups([]int{})
-	if err != nil {
-		// Log failure
-		log.Println("Could not unset supplementary groups: " + err.Error())
-		// Make this fatal if root was amongst supplementary groups
-		if ui.root_supp_group {
+	if ui.root_supp_goup {
+		err := syscall.Setgroups([]int{})
+		if err != nil {
+			log.Println("Could not unset supplementary groups: " + err.Error())
 			return err
 		}
 	}