From 44cad9630f25f7f1c6a9263c031e453170b2f489 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Tue, 5 Dec 2006 18:28:15 +0000 Subject: [PATCH] * Urgh. Do setgid() before setuid(), because the semantics of setgid() changes completely depending on whether you're root... --- src/libstore/build.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 6e71c2c7d..e4829883f 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1364,13 +1364,13 @@ void DerivationGoal::startBuilder() if (setgroups(0, 0) == -1) throw SysError("cannot clear the set of supplementary groups"); - setuid(buildUser.getUID()); - assert(getuid() == buildUser.getUID()); - assert(geteuid() == buildUser.getUID()); - setgid(gidBuildGroup); assert(getgid() == gidBuildGroup); assert(getegid() == gidBuildGroup); + + setuid(buildUser.getUID()); + assert(getuid() == buildUser.getUID()); + assert(geteuid() == buildUser.getUID()); } /* Execute the program. This should not return. */