From: Simon Ruderich <simon@ruderich.org>
Date: Sun, 18 May 2014 20:13:23 +0000 (+0200)
Subject: drop group privileges before user privileges
X-Git-Url: https://ruderich.org/simon/gitweb/?p=wall-notify%2Fwall-notify.git;a=commitdiff_plain;h=4fc49b7b8d439b53f17536c11fc7f608e9e9f6d5

drop group privileges before user privileges

This is good practice because there are a few case where group
permissions can't be dropped after the user practice were dropped.
Shouldn't be an issue here, but it can't hurt.
---

diff --git a/src/wall-notify.c b/src/wall-notify.c
index 9056af3..e7106be 100644
--- a/src/wall-notify.c
+++ b/src/wall-notify.c
@@ -214,14 +214,14 @@ static void drop_privileges(void) {
     gid = getgid();
 
     /* Drop all privileges. */
-    if (setresuid(uid, uid, uid) != 0) {
-        perror("setresuid");
-        exit(EXIT_FAILURE);
-    }
     if (setresgid(gid, gid, gid) != 0) {
         perror("setresgid");
         exit(EXIT_FAILURE);
     }
+    if (setresuid(uid, uid, uid) != 0) {
+        perror("setresuid");
+        exit(EXIT_FAILURE);
+    }
 
     /* Verify all privileges were dropped. */
     if (getresuid(&ruid, &euid, &suid) != 0) {