madmaurice/pidjail
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Drop group rights first

Browse source 
We might not be able to drop group rights after dropping user rights
so do group rights first.
This commit is contained in:
madmaurice 2021-01-15 20:22:22 +01:00
parent ab8ef29376
commit 9ef65e0f4c
1 changed files with 11 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
main.c
View file

@ -14,15 +14,9 @@ pid_t pid_child;
void drop_root(void) void drop_root(void)
{ {
uid_t uid = getuid(); /// Drop root privileges
// Drop root privileges // First group then user because we might not
if (setresuid(-1,uid,uid) == -1) // be able to drop group once we dropped user
{
int err = errno;
printf("Failed to drop root privileges with setresuid (%d)\n", err);
exit(err);
}
gid_t gid = getgid(); gid_t gid = getgid();
if (setresgid(-1,gid,gid) == -1) if (setresgid(-1,gid,gid) == -1)
{ {
@ -31,6 +25,14 @@ void drop_root(void)
exit(err); exit(err);
} }
uid_t uid = getuid();
if (setresuid(-1,uid,uid) == -1)
{
int err = errno;
printf("Failed to drop root privileges with setresuid (%d)\n", err);
exit(err);
}
// sanity check // sanity check
if (seteuid(0) != -1) if (seteuid(0) != -1)
{ {