Last parts of the Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:

* src/chage.c: Make chage -l also drop the saved GID.
 * src/chage.c: Prefer setregid/setreuid to setgid/setuid.

ChangeLog

@@ -1,9 +1,12 @@
 2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
 
+	Fixes from Openwall patch shadow-4.0.4.1-owl-chage-drop-priv.diff:
 	* src/chage.c: Remove cleanup(). pw_lock is never called. Replace
 	cleanup(2) by spw_unlock and remove the calls to cleanup(1).
 	* src/chage.c: Remove variable pwrw. It is always set to 0. The
 	password database is always read only.
+	* src/chage.c: Make chage -l also drop the saved GID.
+	* src/chage.c: Prefer setregid/setreuid to setgid/setuid.
 
 2007-11-17  Nicolas François  <nicolas.francois@centraliens.net>
 

src/chage.c

@@ -322,6 +322,7 @@ int main (int argc, char **argv)
 	const struct spwd *sp;
 	struct spwd spwd;
 	uid_t ruid;
+	gid_t rgid;
 	int amroot;
 	const struct passwd *pw;
 	struct passwd pwent;
@@ -342,6 +343,7 @@ int main (int argc, char **argv)
 	textdomain (PACKAGE);
 
 	ruid = getuid ();
+	rgid = getgid ();
 	amroot = (ruid == 0);
 #ifdef WITH_SELINUX
 	if (amroot && is_selinux_enabled () > 0)
@@ -547,7 +549,7 @@ int main (int argc, char **argv)
 		exit (E_NOPERM);
 	}
 
-	if (lflg && (setgid (getgid ()) || setuid (ruid))) {
+	if (lflg && (setregid (rgid, rgid) || setreuid (ruid, ruid))) {
 		fprintf (stderr, _("%s: failed to drop privileges (%s)\n"),
 			 Prog, strerror (errno));
 #ifdef WITH_AUDIT