From 804125ff959b1a5a20ace29e8d276956072da535 Mon Sep 17 00:00:00 2001
From: Elliot-Roberts <elliot0000101@gmail.com>
Date: Mon, 25 Oct 2021 03:46:09 -0700
Subject: [PATCH] document `setgroups` call caused by
 `std::os::unix::process::CommandExt.uid`

---
 library/std/src/os/unix/process.rs | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/library/std/src/os/unix/process.rs b/library/std/src/os/unix/process.rs
index 9b94615d24773..ff7cc83bbf4e7 100644
--- a/library/std/src/os/unix/process.rs
+++ b/library/std/src/os/unix/process.rs
@@ -21,6 +21,14 @@ pub trait CommandExt: Sealed {
     /// Sets the child process's user ID. This translates to a
     /// `setuid` call in the child process. Failure in the `setuid`
     /// call will cause the spawn to fail.
+    ///
+    /// # Notes
+    ///
+    /// This will also trigger a call to `setgroups(0, NULL)` in the
+    /// child process if the parent is root and no groups have been
+    /// specified.
+    /// This removes supplementary groups that might have given the child
+    /// unwanted permissions.
     #[stable(feature = "rust1", since = "1.0.0")]
     fn uid(
         &mut self,