cmd/hsu: check against setgid bit

The getgroups behaviour is already checked for, but it never hurts to be more careful in a setuid program.

Signed-off-by: Ophestra <cat@gensokyo.uk>

cmd/hsu/main.go

@@ -34,6 +34,9 @@ func main() {
 	if os.Geteuid() != 0 {
 		log.Fatal("this program must be owned by uid 0 and have the setuid bit set")
 	}
+	if os.Getegid() != os.Getgid() {
+		log.Fatal("this program must not have the setgid bit set")
+	}
 
 	puid := os.Getuid()
 	if puid == 0 {