missing-call-to-setgroups-before-setuid rpmlint error

[photosheep]

This executable is calling setuid and setgid without setgroups or initgroups.
This means it didn't relinquish all groups, and this would be a potential security issue.

While packaging cagebreak for openSUSE, this was caught by the rpm linter. I can't validate the concerns myself, please check POS36-C for more in-depth information.

Related: https://github.com/swaywm/sway/issues/884 https://github.com/WayfireWM/wayfire/issues/696

[project-repo]

Hi photosheep

Thanks for the report! We will address this in the upcoming release (sorry for the delay on porting to wlroots 0.18, we are currently facing some issues due to API changes in the library).

Cheers project-repo

[project-repo]

This has been fixed in release 2.4.0.

We have analyzed the code and it would not have resulted in privilege escalation but only potentially crashed cagebreak on some BSD systems.

Feel free to file any issues you see in the future

cheers project-repo