From 4fc49b7b8d439b53f17536c11fc7f608e9e9f6d5 Mon Sep 17 00:00:00 2001 From: Simon Ruderich Date: Sun, 18 May 2014 22:13:23 +0200 Subject: [PATCH] drop group privileges before user privileges This is good practice because there are a few case where group permissions can't be dropped after the user practice were dropped. Shouldn't be an issue here, but it can't hurt. --- src/wall-notify.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/wall-notify.c b/src/wall-notify.c index 9056af3..e7106be 100644 --- a/src/wall-notify.c +++ b/src/wall-notify.c @@ -214,14 +214,14 @@ static void drop_privileges(void) { gid = getgid(); /* Drop all privileges. */ - if (setresuid(uid, uid, uid) != 0) { - perror("setresuid"); - exit(EXIT_FAILURE); - } if (setresgid(gid, gid, gid) != 0) { perror("setresgid"); exit(EXIT_FAILURE); } + if (setresuid(uid, uid, uid) != 0) { + perror("setresuid"); + exit(EXIT_FAILURE); + } /* Verify all privileges were dropped. */ if (getresuid(&ruid, &euid, &suid) != 0) { -- 2.45.2