From d4dd9e22c13896e6b5e2a6fc78dad4f8496cc14d Mon Sep 17 00:00:00 2001
From: Ed Maste
Date: Thu, 28 Nov 2024 11:54:48 -0500
Subject: [PATCH] comsat: Use initgroups and setgid not just setuid

PR: 270404
Reviewed by: jlduran
Obtained from: NetBSD
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D47828
---
 libexec/comsat/comsat.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/libexec/comsat/comsat.c b/libexec/comsat/comsat.c
index 76f6190bea7b..e2aea1b709b6 100644
--- a/libexec/comsat/comsat.c
+++ b/libexec/comsat/comsat.c
@@ -212,10 +212,11 @@ jkfprintf(FILE *tp, char user[], char file[], off_t offset)
 struct passwd *p;
 unsigned char line[BUFSIZ];
 
- /* Set effective uid to user in case mail drop is on nfs */
- if ((p = getpwnam(user)) == NULL)
- return;
- if (setuid(p->pw_uid) != 0)
+ /* Set uid/gid/groups to user's in case mail drop is on nfs */
+ if ((p = getpwnam(user)) == NULL ||
+ initgroups(p->pw_name, p->pw_gid) == -1 ||
+ setgid(p->pw_gid) == -1 ||
+ setuid(p->pw_uid) == -1)
 return;
 
 if ((fi = fopen(file, "r")) == NULL)
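Review bot: The combined condition in jkfprintf only works in the order written, because initgroups() and setgid() need the privilege that setuid() gives up, yet the new comment says what is set and not that the sequence is load-bearing. I would extend it to something like `/* Drop groups, then gid, then uid: setuid() goes last because the other two need the privilege it gives up */` so a later refactor does not reorder the chain. All four failure cases also end in the same silent `return`, so a failed privilege drop cannot be told apart from an unknown user. If the file has a logging facility outside this hunk, a message on the initgroups/setgid/setuid failures would help operators notice it. The body of jkfprintf starts before and continues past the hunk.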