From 9ef65e0f4c697eade80ca5986ca1964ce42d0347 Mon Sep 17 00:00:00 2001
From: MadMaurice
Date: Fri, 15 Jan 2021 20:22:22 +0100
Subject: [PATCH] Drop group rights first

We might not be able to drop group rights after dropping user rights so do group rights first.
---
 main.c | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/main.c b/main.c
index 7a241a0..23a60c4 100644
--- a/main.c
+++ b/main.c
@@ -14,15 +14,9 @@ pid_t pid_child;

 void drop_root(void)
 {
- uid_t uid = getuid();
- // Drop root privileges
- if (setresuid(-1,uid,uid) == -1)
- {
- int err = errno;
- printf("Failed to drop root privileges with setresuid (%d)\n", err);
- exit(err);
- }
-
+ /// Drop root privileges
+ // First group then user because we might not
+ // be able to drop group once we dropped user
 gid_t gid = getgid();
 if (setresgid(-1,gid,gid) == -1)
 {
@@ -31,6 +25,14 @@ void drop_root(void)
 exit(err);
 }

+ uid_t uid = getuid();
+ if (setresuid(-1,uid,uid) == -1)
+ {
+ int err = errno;
+ printf("Failed to drop root privileges with setresuid (%d)\n", err);
+ exit(err);
+ }
+
 // sanity check
 if (seteuid(0) != -1)
 {
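Review bot: The sanity check in the trailing context of the second hunk still probes only `seteuid(0)`, so nothing visible here confirms that the group drop this commit moves to the front actually took effect. Reading the IDs back is a stricter check than trying to regain root, for example `uid_t r, e, s; if (getresuid(&r, &e, &s) == -1 || e != uid || s != uid) exit(EXIT_FAILURE);` plus the equivalent `getresgid` comparison against `gid`. The moved `setresuid` failure path also reports through `printf`, so the message lands on stdout; `fprintf(stderr, ...)` would keep it out of any piped output. The body of the sanity check and the rest of drop_root lie outside the hunk, so a group check may already exist there.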