rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.Referenceshttp://osvdb.org/32971https://issues.rpath.com/browse/RPL-1002
