From: Jorge Rocha Gualtieri <jorge@jrg.com.br>
Date: Wed, 11 Oct 2023 11:43:20 +0200
Subject: Runs PAM_REINITIALIZE_CRED after fork to apply correct rights to
 child process.

Last-Update: 2021-03-01
Bug-Debian: https://bugs.debian.org/983817
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1917350

The feature provided by this patch is tested with the script
debian/tests/check-messages-sent-by-cron (second part of the script)
---
 do_command.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/do_command.c b/do_command.c
index b649c61..f3c37f8 100644
--- a/do_command.c
+++ b/do_command.c
@@ -231,6 +231,12 @@ child_process(e, u)
 		  exit(ERROR_EXIT);
 		}
 # endif
+
+#if defined(USE_PAM)
+                if (pamh != NULL) {
+                        pam_setcred(pamh, PAM_REINITIALIZE_CRED | PAM_SILENT);
+                }
+#endif
 		if (setuid(e->uid) !=0) { /* we aren't root after this... */
 			char msg[256];
 			snprintf(msg, 256, "do_command:setuid(%lu) failed: %s",
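
Review bot: the return value of pam_setcred() in the added USE_PAM block is discarded, so if PAM_REINITIALIZE_CRED fails the child still proceeds to setuid(e->uid) and runs the job without the credentials this change is meant to apply. Compare the result against PAM_SUCCESS and handle failure the way the surrounding code does: build a message, log it, and exit(ERROR_EXIT), as the setuid() check just below does. Because PAM_SILENT suppresses the modules' own messages, that log entry (pam_strerror(pamh, rc) would serve) would be the only trace of a failure. Style point: the six added lines are indented with spaces while the neighbouring context lines use tabs; match the file's tab indentation.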
