Drop group rights first

We might not be able to drop group rights after dropping user rights
so do group rights first.
This commit is contained in:
madmaurice 2021-01-15 20:22:22 +01:00
parent ab8ef29376
commit 9ef65e0f4c

20
main.c
View file

@ -14,15 +14,9 @@ pid_t pid_child;
void drop_root(void) void drop_root(void)
{ {
uid_t uid = getuid(); /// Drop root privileges
// Drop root privileges // First group then user because we might not
if (setresuid(-1,uid,uid) == -1) // be able to drop group once we dropped user
{
int err = errno;
printf("Failed to drop root privileges with setresuid (%d)\n", err);
exit(err);
}
gid_t gid = getgid(); gid_t gid = getgid();
if (setresgid(-1,gid,gid) == -1) if (setresgid(-1,gid,gid) == -1)
{ {
@ -31,6 +25,14 @@ void drop_root(void)
exit(err); exit(err);
} }
uid_t uid = getuid();
if (setresuid(-1,uid,uid) == -1)
{
int err = errno;
printf("Failed to drop root privileges with setresuid (%d)\n", err);
exit(err);
}
// sanity check // sanity check
if (seteuid(0) != -1) if (seteuid(0) != -1)
{ {