changeset 48:5ef10dc14457

properly drop root privs
author carl
date Fri, 09 Jul 2004 13:57:59 -0700
parents 71252053d258
children 4f9e3dc55d38
files ChangeLog src/dnsbl.cpp
diffstat 2 files changed, 22 insertions(+), 16 deletions(-) [+]
--- a/ChangeLog	Fri Jul 09 08:33:59 2004 -0700
+++ b/ChangeLog	Fri Jul 09 13:57:59 2004 -0700
@@ -1,5 +1,9 @@
     $Id$
 
+3.3 2004-07-09
+    Drop root priviledges properly, including the group id.
+
+
 3.2 2004-07-09
 
     Contributions from John Gunkel <jgunkel@palliser.ca>:
--- a/src/dnsbl.cpp	Fri Jul 09 08:33:59 2004 -0700
+++ b/src/dnsbl.cpp	Fri Jul 09 13:57:59 2004 -0700
@@ -1412,21 +1412,6 @@
         exit(EX_UNAVAILABLE);
     }
 
-    // initialize the thread sync objects
-    pthread_mutex_init(&config_mutex, 0);
-    pthread_mutex_init(&syslog_mutex, 0);
-    pthread_mutex_init(&resolve_mutex, 0);
-
-    // load the initial config
-    config = new_conf();
-
-    // only create threads after the fork() in daemon
-    pthread_t tid;
-    if (pthread_create(&tid, 0, config_loader, 0))
-        my_syslog("failed to create config loader thread");
-    if (pthread_detach(tid))
-        my_syslog("failed to detach config loader thread");
-
     // write the pid
     const char *pidpath = "/var/run/dnsbl.pid";
     unlink(pidpath);
@@ -1452,11 +1437,29 @@
     // drop root privs
     struct passwd *pw = getpwnam("dnsbl");
     if (pw) {
+        if (setgid(pw->pw_gid) == -1) {
+            my_syslog("failed to switch to group dnsbl");
+        }
         if (setuid(pw->pw_uid) == -1) {
             my_syslog("failed to switch to user dnsbl");
         }
     }
 
+    // initialize the thread sync objects
+    pthread_mutex_init(&config_mutex, 0);
+    pthread_mutex_init(&syslog_mutex, 0);
+    pthread_mutex_init(&resolve_mutex, 0);
+
+    // load the initial config
+    config = new_conf();
+
+    // only create threads after the fork() in daemon
+    pthread_t tid;
+    if (pthread_create(&tid, 0, config_loader, 0))
+        my_syslog("failed to create config loader thread");
+    if (pthread_detach(tid))
+        my_syslog("failed to detach config loader thread");
+
     time_t starting = time(NULL);
     int rc = smfi_main();
     if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
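Review bot: The privilege drop around `setgid`/`setuid` still fails open: a failed call is only logged, so the milter keeps running with root's gid or uid, and root's supplementary groups are never cleared. Calling `initgroups(pw->pw_name, pw->pw_gid)` (or `setgroups`) before `setgid`, and exiting on any failure, would close both gaps; a missing `dnsbl` account (`pw == NULL`) also leaves the process running as root without any log line. If the daemon is also meant to be startable unprivileged, the exits can be guarded with `getuid() == 0`. Separately, the mutex initialisation now comes after these `my_syslog` calls, so if `my_syslog` locks `syslog_mutex` (not visible in this hunk) the failure paths would use an uninitialised mutex. The enclosing function starts and ends outside the hunk.

```cpp
    // drop root privs
    struct passwd *pw = getpwnam("dnsbl");
    if (pw) {
        // clear root's supplementary groups before changing gid/uid
        if (initgroups(pw->pw_name, pw->pw_gid) == -1) {
            my_syslog("failed to set supplementary groups for dnsbl");
            exit(EX_OSERR);
        }
        if (setgid(pw->pw_gid) == -1) {
            my_syslog("failed to switch to group dnsbl");
            exit(EX_OSERR);
        }
        if (setuid(pw->pw_uid) == -1) {
            my_syslog("failed to switch to user dnsbl");
            exit(EX_OSERR);
        }
    }
    // … unchanged: mutex init, config load, config loader thread …
```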