From 0958d826d6cb84b9a309846ce44eefa7ea3d9f70 Mon Sep 17 00:00:00 2001
From: Andreas Kling
Date: Thu, 2 Jan 2020 23:28:37 +0100
Subject: [PATCH] SystemServer: Call setgid() before setuid() when dropping privileges

Also add error checking and bail out if either call fails.

Doing it the wrong way around was causing us to retain GID=0 for all processes (oops!)

Thanks to Chris Ball for reporting the bug. :^)
---
 Servers/SystemServer/Service.cpp | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/Servers/SystemServer/Service.cpp b/Servers/SystemServer/Service.cpp
index 907588d7a5..cc17353638 100644
--- a/Servers/SystemServer/Service.cpp
+++ b/Servers/SystemServer/Service.cpp
@@ -167,8 +167,10 @@ void Service::spawn()
     }
     if (!m_user.is_null()) {
-        setuid(m_uid);
-        setgid(m_gid);
+        if (setgid(m_gid) < 0 || setuid(m_uid) < 0) {
+            fprintf(stderr, "Failed to drop privileges (GID=%u, UID=%u)\n", m_gid, m_uid);
+            exit(1);
+        }
     }
     char* argv[m_extra_arguments.size() + 2];
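Review bot: The new `setgid()`/`setuid()` pair still leaves the supplementary group list inherited from the root parent in place, so a service can retain group 0 membership through that list even though its real/effective GID is now m_gid; if the kernel offers it, the supplementary groups should be cleared first, e.g. `if (setgroups(0, nullptr) < 0 || setgid(m_gid) < 0 || setuid(m_uid) < 0) {` (or `initgroups()` for the target user), and the error message should say which call failed. The `exit(1)` on the failure path appears to run in the forked child (the surrounding code is building the child's argv), where `_exit(1)` is the safer choice so the parent's atexit handlers and buffered stdio are not run a second time — verify against the fork call, which is outside this hunk. A short comment above the block, `// Order matters: setgid() must precede setuid(), since after setuid() to a non-root user we can no longer change the GID.`, would document why the order was fixed. Service::spawn() begins and ends outside this hunk.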