Previously, group list was cleared during privilege de-escalation. This causes
profiles scripts to be run as the local user with an empty group list. This can
cause issues when, eg, the 'video' group is required for backlight control,
and the user is trying to invoke xbacklight from postswitch.sh.
# so it should be safe. Also, note that since the environment
# is taken from a process owned by the user, reusing it should
# not leak any information.
- os.setgroups([])
+ os.setgroups(os.getgrouplist(pwent.pw_name, pwent.pw_gid))
os.setresgid(pwent.pw_gid, pwent.pw_gid, pwent.pw_gid)
os.setresuid(pwent.pw_uid, pwent.pw_uid, pwent.pw_uid)
os.chdir(pwent.pw_dir)