+++ This bug was initially created as a clone of Bug #903293 +++ Description of problem: As noted in bug #894626 and in: [1] http://www.openwall.com/lists/oss-security/2013/01/23/7 haproxy previously failed to drop supplementary groups properly when trying to drop root privileges. By itself this problem is not a security flaw, but still serious enough the upstream fix: [2] git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=ab012dd3 to be backported into all of the affected versions. Version-Release number of selected component (if applicable): haproxy-1.3.26-1.el5 How reproducible: Always Steps to Reproduce: 1. See https://bugzilla.redhat.com/show_bug.cgi?id=894626#c0 for further reproducer details Actual results: Supplementary groups are not dropped properly after setuid / setgid calls. Expected results: (All) Supplementary groups should be dropped when dropping root privileges.
This was never backported to haproxy 1.3, which is currently in EPEL 5. Given this is EPEL 5 and a very old version of haproxy, closing this as WONTFIX.