From 19f2cebd489786a81f499d45585494ab9f497f14 Mon Sep 17 00:00:00 2001
From: Karel Zak <kzak@redhat.com>
Date: Thu, 17 Jun 2021 12:21:04 +0200
Subject: [PATCH] more: fix setuid/setgid order

The rule is pretty simple, always use setgid() before setuid().

Reported-by: Jan Pazdziora <jpazdziora@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
---
 text-utils/more.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/text-utils/more.c b/text-utils/more.c
index ee42dffb9b..3cb2ca3af3 100644
--- a/text-utils/more.c
+++ b/text-utils/more.c
@@ -1250,10 +1250,10 @@ static void execute(struct more_control *ctl, char *filename, char *cmd, ...)
 		va_end(argp);
 
 		if (geteuid() != getuid() || getegid() != getgid()) {
-			if (setuid(getuid()) < 0)
-				err(EXIT_FAILURE, _("setuid failed"));
 			if (setgid(getgid()) < 0)
 				err(EXIT_FAILURE, _("setgid failed"));
+			if (setuid(getuid()) < 0)
+				err(EXIT_FAILURE, _("setuid failed"));
 		}
 
 		execvp(cmd, args);
-- 
2.47.3