From cffedc346363cfffe273b7340735ddae9297dbbf Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Sat, 14 Jul 2012 23:41:22 +0000
Subject: [PATCH] -actually make use of SGID permissions

---
 src/dns/gnunet-service-dns.c | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

diff --git a/src/dns/gnunet-service-dns.c b/src/dns/gnunet-service-dns.c
index 6337538d1..644f2e1c8 100644
--- a/src/dns/gnunet-service-dns.c
+++ b/src/dns/gnunet-service-dns.c
@@ -1672,6 +1672,25 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
 int
 main (int argc, char *const *argv)
 {
+  /* make use of SGID capabilities on POSIX */
+  /* FIXME: this might need a port on systems without 'getresgid' */
+#if HAVE_GETRESGID
+  gid_t rgid;
+  gid_t egid;
+  gid_t sgid;
+
+  if (-1 == getresgid (&rgid, &egid, &sgid))
+  {
+    fprintf (stderr,
+	     "getresgid failed: %s\n",
+	     strerror (errno));
+  }
+  else if (sgid != rgid)
+  {    
+    if (-1 ==  setregid (sgid, sgid))
+      fprintf (stderr, "setregid failed: %s\n", strerror (errno));
+  }
+#endif
   return (GNUNET_OK ==
           GNUNET_SERVICE_run (argc, argv, "dns", GNUNET_SERVICE_OPTION_NONE,
                               &run, NULL)) ? global_ret : 1;
-- 
2.25.1