RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-05-24 03:55:06 +00:00
Code Issues Activity Actions

SystemServer: Call setgid() before setuid() when dropping privileges

Browse source 
Also add error checking and bail out if either call fails.
Doing it the wrong way around was causing us to retain GID=0 for all
processes (oops!)

Thanks to Chris Ball for reporting the bug. :^)
This commit is contained in:
Andreas Kling 2020-01-02 23:28:37 +01:00
parent 0f9800ca57
commit 0958d826d6
1 changed files with 4 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
Servers/SystemServer/Service.cpp
View file

@ -167,8 +167,10 @@ void Service::spawn()
}
if (!m_user.is_null()) {
setuid(m_uid);
setgid(m_gid);
if (setgid(m_gid) < 0 || setuid(m_uid) < 0) {
fprintf(stderr, "Failed to drop privileges (GID=%u, UID=%u)\n", m_gid, m_uid);
exit(1);
}
}
char* argv[m_extra_arguments.size() + 2];