From 0a107daff70338b78e4e977fa350c63d08daa56d Mon Sep 17 00:00:00 2001
From: Xin LI
Date: Tue, 1 Sep 2015 06:28:16 +0000
Subject: [PATCH] Drop group privileges after opening the kvm descriptor, otherwise, the code would not drop privileges as expected. While there also add checks for the drop and bail out immediately if we failed.
MFC after: 3 days
---
 usr.bin/bluetooth/btsockstat/btsockstat.c | 14 ++++----------
 1 file changed, 4 insertions(+), 10 deletions(-)
diff --git a/usr.bin/bluetooth/btsockstat/btsockstat.c b/usr.bin/bluetooth/btsockstat/btsockstat.c
index aa85286ee9d..78f61279d47 100644
--- a/usr.bin/bluetooth/btsockstat/btsockstat.c
+++ b/usr.bin/bluetooth/btsockstat/btsockstat.c
@@ -154,9 +154,9 @@ main(int argc, char *argv[])
 * Discard setgid privileges if not the running kernel so that * bad guys can't print interesting stuff from kernel memory. */ - if (memf != NULL) - setgid(getgid()); + if (setgid(getgid()) != 0) + err(1, "setgid"); kvmd = kopen(memf); if (kvmd == NULL)
@@ -583,15 +583,9 @@ kopen(char const *memf)
 kvm_t *kvmd = NULL; char errbuf[_POSIX2_LINE_MAX]; - /* - * Discard setgid privileges if not the running kernel so that - * bad guys can't print interesting stuff from kernel memory. - */ - - if (memf != NULL) - setgid(getgid()); - kvmd = kvm_openfiles(NULL, memf, NULL, O_RDONLY, errbuf); + if (setgid(getgid()) != 0) + err(1, "setgid"); if (kvmd == NULL) { warnx("kvm_openfiles: %s", errbuf); return (NULL);
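Review bot: The early drop in main() must stay conditional on `memf != NULL`, and in this flattened hunk it is not clear whether that guard line is removed or kept as context. If it is kept, the new code is a nested unbraced `if`, which is easier to audit as `if (memf != NULL && setgid(getgid()) != 0)` followed by `err(1, "setgid");`. If it was removed, the group would be given up before kopen() even for the running kernel, which would contradict the commit message's intent of dropping only after the kvm descriptor is open, and the comment above ("if not the running kernel") would be stale. main() starts and ends outside the hunk.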
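Review bot: kopen() loses its explanatory comment in this hunk, yet the new ordering is the part that most needs one: kvm_openfiles() now runs with the setgid group still in effect, so for a caller-supplied `memf` the only protection is the earlier drop in main(). A comment above the new check would record that contract, e.g. `/* Drop the setgid group now that the descriptor is open; for memf != NULL the caller must already have dropped it. */`. Separately, if kvm_openfiles() fails and setgid() also fails, `err(1, "setgid")` exits before the `warnx("kvm_openfiles: %s", errbuf)` line, so the open error is never reported; that looks acceptable but should be a deliberate choice. kopen() continues past the end of the hunk.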