...
Under normal circumstances setuid() and related calls do not alter the supplemental group privileges. However, a setuid-root program can grant itself supplemental group ids and then relinquish root privileges, in which icase case it maintains the supplemental group ids, but lacks the privilege necessary to relinquish them. Consequently, it is recommended that a program relinquish supplemental group privileges immediately before relinquishing root privileges.
POS37POS36-C. Ensure that privilege relinquishment is successfulObserve correct revocation order while relinquishing privileges discusses how to drop supplemental group privileges. To ensure that supplemental group privileges are indeed relinquished, you can use the following eql_sups function:
...