From 9ef65e0f4c697eade80ca5986ca1964ce42d0347 Mon Sep 17 00:00:00 2001
From: MadMaurice <madmaurice@zom.bi>
Date: Fri, 15 Jan 2021 20:22:22 +0100
Subject: [PATCH] Drop group rights first

We might not be able to drop group rights after dropping user rights
so do group rights first.
---
 main.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/main.c b/main.c
index 7a241a0..23a60c4 100644
--- a/main.c
+++ b/main.c
@@ -14,15 +14,9 @@ pid_t pid_child;
 
 void drop_root(void)
 {
-  uid_t uid = getuid();
-  // Drop root privileges
-  if (setresuid(-1,uid,uid) == -1)
-    {
-      int err = errno;
-      printf("Failed to drop root privileges with setresuid (%d)\n", err);
-      exit(err);
-    }
-
+  /// Drop root privileges
+  // First group then user because we might not
+  // be able to drop group once we dropped user
   gid_t gid = getgid();
   if (setresgid(-1,gid,gid) == -1)
     {
@@ -31,6 +25,14 @@ void drop_root(void)
       exit(err);
     }
 
+  uid_t uid = getuid();
+  if (setresuid(-1,uid,uid) == -1)
+    {
+      int err = errno;
+      printf("Failed to drop root privileges with setresuid (%d)\n", err);
+      exit(err);
+    }
+
   // sanity check
   if (seteuid(0) != -1)
     {