From 69af59d06148925f168ad346f6d0a548f4afd095 Mon Sep 17 00:00:00 2001
From: Andreas Kling <awesomekling@gmail.com>
Date: Sat, 4 Jan 2020 13:35:25 +0100
Subject: [PATCH] Base: Only allow members of the "wheel" group to use /bin/su

---
 Kernel/build-root-filesystem.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/Kernel/build-root-filesystem.sh b/Kernel/build-root-filesystem.sh
index a3461e22951..cbc55254669 100755
--- a/Kernel/build-root-filesystem.sh
+++ b/Kernel/build-root-filesystem.sh
@@ -2,6 +2,7 @@
 
 set -e
 
+wheel_gid=1
 tty_gid=2
 phys_gid=3
 audio_gid=4
@@ -99,7 +100,8 @@ elif [ "$(uname -s)" = "OpenBSD" ]; then
 else
     find ../Userland/ -type f -executable -exec cp {} mnt/bin/ \;
 fi
-chmod 4755 mnt/bin/su
+chown 0:$wheel_gid mnt/bin/su
+chmod 4750 mnt/bin/su
 chmod 4755 mnt/bin/ping
 echo "done"