Drop group rights first
We might not be able to drop group rights after dropping user rights so do group rights first.
This commit is contained in:
parent
ab8ef29376
commit
9ef65e0f4c
1 changed files with 11 additions and 9 deletions
20
main.c
20
main.c
|
@ -14,15 +14,9 @@ pid_t pid_child;
|
||||||
|
|
||||||
void drop_root(void)
|
void drop_root(void)
|
||||||
{
|
{
|
||||||
uid_t uid = getuid();
|
/// Drop root privileges
|
||||||
// Drop root privileges
|
// First group then user because we might not
|
||||||
if (setresuid(-1,uid,uid) == -1)
|
// be able to drop group once we dropped user
|
||||||
{
|
|
||||||
int err = errno;
|
|
||||||
printf("Failed to drop root privileges with setresuid (%d)\n", err);
|
|
||||||
exit(err);
|
|
||||||
}
|
|
||||||
|
|
||||||
gid_t gid = getgid();
|
gid_t gid = getgid();
|
||||||
if (setresgid(-1,gid,gid) == -1)
|
if (setresgid(-1,gid,gid) == -1)
|
||||||
{
|
{
|
||||||
|
@ -31,6 +25,14 @@ void drop_root(void)
|
||||||
exit(err);
|
exit(err);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
uid_t uid = getuid();
|
||||||
|
if (setresuid(-1,uid,uid) == -1)
|
||||||
|
{
|
||||||
|
int err = errno;
|
||||||
|
printf("Failed to drop root privileges with setresuid (%d)\n", err);
|
||||||
|
exit(err);
|
||||||
|
}
|
||||||
|
|
||||||
// sanity check
|
// sanity check
|
||||||
if (seteuid(0) != -1)
|
if (seteuid(0) != -1)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue