Drop group rights first
We might not be able to drop group rights after dropping user rights so do group rights first.
This commit is contained in:
parent
ab8ef29376
commit
9ef65e0f4c
1 changed files with 11 additions and 9 deletions
20
main.c
20
main.c
|
|
@ -14,15 +14,9 @@ pid_t pid_child;
|
|||
|
||||
void drop_root(void)
|
||||
{
|
||||
uid_t uid = getuid();
|
||||
// Drop root privileges
|
||||
if (setresuid(-1,uid,uid) == -1)
|
||||
{
|
||||
int err = errno;
|
||||
printf("Failed to drop root privileges with setresuid (%d)\n", err);
|
||||
exit(err);
|
||||
}
|
||||
|
||||
/// Drop root privileges
|
||||
// First group then user because we might not
|
||||
// be able to drop group once we dropped user
|
||||
gid_t gid = getgid();
|
||||
if (setresgid(-1,gid,gid) == -1)
|
||||
{
|
||||
|
|
@ -31,6 +25,14 @@ void drop_root(void)
|
|||
exit(err);
|
||||
}
|
||||
|
||||
uid_t uid = getuid();
|
||||
if (setresuid(-1,uid,uid) == -1)
|
||||
{
|
||||
int err = errno;
|
||||
printf("Failed to drop root privileges with setresuid (%d)\n", err);
|
||||
exit(err);
|
||||
}
|
||||
|
||||
// sanity check
|
||||
if (seteuid(0) != -1)
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in a new issue