[DMD] [PATCH] service: Change gid before uid when dropping privileges.

[David Thompson]

Found this little order of operations issue when trying to button up the
Transmission service.

>From 552eafe882e3c059525e79c0f222becb9d73eb93 Mon Sep 17 00:00:00 2001
From: David Thompson <address@hidden>
Date: Thu, 3 Dec 2015 10:09:34 -0500
Subject: [PATCH] service: Change gid before uid when dropping privileges.

---
 modules/dmd/service.scm | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/modules/dmd/service.scm b/modules/dmd/service.scm
index aece069..34826b1 100644
--- a/modules/dmd/service.scm
+++ b/modules/dmd/service.scm
@@ -614,23 +614,25 @@ false."
            (catch-system-error (close-fdes i))
            (loop (+ i 1)))))
 
-     (when user
+     ;; setgid must be done *before* setuid, otherwise the user will
+     ;; likely no longer have permissions to setgid.
+     (when group
        (catch #t
          (lambda ()
-           (setuid (passwd:uid (getpw user))))
+           (setgid (group:gid (getgr group))))
          (lambda (key . args)
            (format (current-error-port)
-                   "failed to change to user ~s:~%" user)
+                   "failed to change to group ~s:~%" group)
            (print-exception (current-error-port) #f key args)
            (primitive-exit 1))))
 
-     (when group
+     (when user
        (catch #t
          (lambda ()
-           (setgid (group:gid (getgr group))))
+           (setuid (passwd:uid (getpw user))))
          (lambda (key . args)
            (format (current-error-port)
-                   "failed to change to group ~s:~%" group)
+                   "failed to change to user ~s:~%" user)
            (print-exception (current-error-port) #f key args)
            (primitive-exit 1))))
 
-- 
2.5.0

-- 
David Thompson
GPG Key: 0FF1D807