GHSA-q38v-wp89-2w55
sh _uid does not drop supplementary groups (incomplete privilege drop)
Details
### Impact The `_uid` option performed an incomplete privilege drop on Linux/Unix-like systems.
When `sh` was run from a process with elevated privileges, such as root, and a command was launched with `_uid=<unprivileged user>`, the child process changed its UID and primary GID but did not reset its supplementary groups. As a result, the child process could retain the parent process’s supplementary groups, potentially including privileged groups such as root, docker, disk, shadow, or sudo.
This could allow a subprocess that was expected to run with reduced privileges to access files or resources available to the original process’s supplementary groups. Users are impacted if they rely on `_uid` as a privilege boundary when launching commands from a privileged parent process.
### Patches Upgrade to version >= 2.2.4
### Workarounds Avoid using `_uid` when the user represents a less-privileged user.
Are you affected?
Enter the version of the package you're using.