From bdc00df54d97c2825ce37dd1c249f633f199a80b Mon Sep 17 00:00:00 2001
From: Julian Andres Klode
Date: Wed, 24 Sep 2014 21:53:45 +0200
Subject: DropPrivs: Move the re-set uid/gid thing to the end of the function
Git-Dch: ignore
---
 apt-pkg/contrib/fileutl.cc | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/apt-pkg/contrib/fileutl.cc b/apt-pkg/contrib/fileutl.cc
index 7ccaaa03f..6b54c81f9 100644
--- a/apt-pkg/contrib/fileutl.cc
+++ b/apt-pkg/contrib/fileutl.cc
@@ -2213,13 +2213,6 @@ bool DropPrivs()
 if (seteuid(pw->pw_uid) != 0)
 return _error->Errno("seteuid", "Failed to seteuid");
 
- // Check that uid and gid changes do not work anymore
- if (pw->pw_gid != old_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
- return _error->Error("Could restore a gid to root, privilege dropping did not work");
-
- if (pw->pw_uid != old_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
- return _error->Error("Could restore a uid to root, privilege dropping did not work");
-
 // Verify that the user has only a single group, and the correct one
 gid_t groups[1];
 if (getgroups(1, groups) != 1)
@@ -2257,5 +2250,12 @@ bool DropPrivs()
 return _error->Error("Could not switch saved set-group-ID");
 #endif
 
+ // Check that uid and gid changes do not work anymore
+ if (pw->pw_gid != old_gid && (setgid(old_gid) != -1 || setegid(old_gid) != -1))
+ return _error->Error("Could restore a gid to root, privilege dropping did not work");
+
+ if (pw->pw_uid != old_uid && (setuid(old_uid) != -1 || seteuid(old_uid) != -1))
+ return _error->Error("Could restore a uid to root, privilege dropping did not work");
+
 return true;
 }
-- 
cgit v1.2.3
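Review bot: The re-gain probe that now sits at the end of DropPrivs() (second hunk) keeps a comment that does not say why it has to come last, so a later edit could move it back above the `#endif` block. Judging by the context line "Could not switch saved set-group-ID", that block switches the saved IDs, and only after it does a failing `setuid(old_uid)` show that the drop cannot be undone; I would write `// Must stay last: only meaningful once the real, effective and saved IDs have all been switched`. The comment should also record that when the probe succeeds the process really has regained old_uid/old_gid, so a false return from here has to be treated as fatal by the caller and never as a reason to carry on. The function starts above the hunk, so how old_uid and old_gid are captured is not visible here.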