cmd/hsu: check against setgid bit

The getgroups behaviour is already checked for, but it never hurts to be more careful in a setuid program. Signed-off-by: Ophestra <cat@gensokyo.uk>
2025-10-08 18:22:24 +09:00
parent 9b507715d4
commit 5bf28901a4
3 changed files with 4 additions and 3 deletions
--- a/nixos.nix
+++ b/nixos.nix
@@ -51,11 +51,9 @@ in
    ];

    security.wrappers.hsu = {
-
      source = "${cfg.hsuPackage}/bin/hsu";
      setuid = true;
      owner = "root";
-      setgid = true;
      group = "root";
    };