-actually make use of SGID permissions

diff --git a/src/dns/gnunet-service-dns.c b/src/dns/gnunet-service-dns.c
index 6337538d10a9a8f83886772df29a606c38e7634c..644f2e1c8b5467e1a450846ea2da25b26e47a717 100644 (file)
--- a/src/dns/gnunet-service-dns.c
+++ b/src/dns/gnunet-service-dns.c
@@ -1672,6 +1672,25 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
 int
 main (int argc, char *const *argv)
 {
+  /* make use of SGID capabilities on POSIX */
+  /* FIXME: this might need a port on systems without 'getresgid' */
+#if HAVE_GETRESGID
+  gid_t rgid;
+  gid_t egid;
+  gid_t sgid;
+
+  if (-1 == getresgid (&rgid, &egid, &sgid))
+  {
+    fprintf (stderr,
+            "getresgid failed: %s\n",
+            strerror (errno));
+  }
+  else if (sgid != rgid)
+  {    
+    if (-1 ==  setregid (sgid, sgid))
+      fprintf (stderr, "setregid failed: %s\n", strerror (errno));
+  }
+#endif
   return (GNUNET_OK ==
           GNUNET_SERVICE_run (argc, argv, "dns", GNUNET_SERVICE_OPTION_NONE,
                               &run, NULL)) ? global_ret : 1;