Drop group rights first

We might not be able to drop group rights after dropping user rights
so do group rights first.
This commit is contained in:
madmaurice 2021-01-15 20:22:22 +01:00
parent ab8ef29376
commit 9ef65e0f4c

20
main.c
View file

@ -14,15 +14,9 @@ pid_t pid_child;
void drop_root(void)
{
uid_t uid = getuid();
// Drop root privileges
if (setresuid(-1,uid,uid) == -1)
{
int err = errno;
printf("Failed to drop root privileges with setresuid (%d)\n", err);
exit(err);
}
/// Drop root privileges
// First group then user because we might not
// be able to drop group once we dropped user
gid_t gid = getgid();
if (setresgid(-1,gid,gid) == -1)
{
@ -31,6 +25,14 @@ void drop_root(void)
exit(err);
}
uid_t uid = getuid();
if (setresuid(-1,uid,uid) == -1)
{
int err = errno;
printf("Failed to drop root privileges with setresuid (%d)\n", err);
exit(err);
}
// sanity check
if (seteuid(0) != -1)
{