[dmd] 02/03: service: Change GID before UID when dropping privileges.
From: Ludovic Courtès
Subject: [dmd] 02/03: service: Change GID before UID when dropping privileges.
Date: Wed, 06 Jan 2016 22:53:08 +0000
civodul pushed a commit to branch master
in repository dmd.
commit 88a1a712af92f6e8dbc1064d46e056998c6084e6
Author: David Thompson <address@hidden>
Date: Thu Dec 3 10:09:34 2015 -0500
service: Change GID before UID when dropping privileges.
* modules/dmd/service.scm (exec-command): Move 'setgid' call before
'setuid' call.
Signed-off-by: Ludovic Courtès <address@hidden>
---
modules/dmd/service.scm | 14 ++++++++------
1 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/modules/dmd/service.scm b/modules/dmd/service.scm
index aece069..34826b1 100644
--- a/modules/dmd/service.scm
+++ b/modules/dmd/service.scm
@@ -614,23 +614,25 @@ false."
(catch-system-error (close-fdes i))
(loop (+ i 1)))))
- (when user
+ ;; setgid must be done *before* setuid, otherwise the user will
+ ;; likely no longer have permissions to setgid.
+ (when group
(catch #t
(lambda ()
- (setuid (passwd:uid (getpw user))))
+ (setgid (group:gid (getgr group))))
(lambda (key . args)
(format (current-error-port)
- "failed to change to user ~s:~%" user)
+ "failed to change to group ~s:~%" group)
(print-exception (current-error-port) #f key args)
(primitive-exit 1))))
- (when group
+ (when user
(catch #t
(lambda ()
- (setgid (group:gid (getgr group))))
+ (setuid (passwd:uid (getpw user))))
(lambda (key . args)
(format (current-error-port)
- "failed to change to group ~s:~%" group)
+ "failed to change to user ~s:~%" user)
(print-exception (current-error-port) #f key args)
(primitive-exit 1))))
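Review bot: the reordered `(when group` and `(when user` blocks change only the primary GID and UID; nothing in these lines resets the supplementary group list, so a service started from a root process keeps whatever supplementary groups that process had. Consider calling `setgroups` before the `setgid` call, while the process is still privileged, with either the target user's groups or an empty vector. Separately, when `user` is given and `group` is not, the `(when group` guard skips `setgid` entirely and the child keeps the parent's GID; falling back to `(passwd:gid (getpw user))` in that case would close the gap. The new comment could also state the reason exactly: after `setuid` to a non-root user the process no longer has the privilege needed for `setgid`.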