openssh unix dev - Jul 2018 - Supplementary groups not set for AuthorizedKeysCommand

Hey,

We just discovered that when sshd forks to execute the 
AuthorizedKeysCommand, it only runs setres{u,g}id in the new thread, but 
not setgroups, which means that the supplementary groups are never set 
in the new thread.  This feels quite strange, so I was wondering whether 
this is intended behaviour or not.  If not, it would be quite easy to 
fix this.

-- 
Sincerely,
  Johannes L?thberg
  PGP Key ID: 0x50FB9B273A9D0BB5
  PGP Key FP: 5134 EF9E AF65 F95B 6BB1  608E 50FB 9B27 3A9D 0BB5
  https://theos.kyriasis.com/~kyrias/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1727 bytes
Desc: signature
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20180729/750e3659/attachment.asc>

On Sun, 29 Jul 2018, Johannes L?thberg wrote:
> Hey,
> 
> We just discovered that when sshd forks to execute the 
> AuthorizedKeysCommand, it only runs setres{u,g}id in the new thread, but 
> not setgroups, which means that the supplementary groups are never set 
> in the new thread.  This feels quite strange, so I was wondering whether 
> this is intended behaviour or not.  If not, it would be quite easy to 
> fix this.
Hi,

Could you file a bug at https://bugzilla.mindrot.org so this doesn't
get lost?

Thanks,
Damien