SystemServer: Call setgid() before setuid() when dropping privileges

Also add error checking and bail out if either call fails.
Doing it the wrong way around was causing us to retain GID=0 for all
processes (oops!)

Thanks to Chris Ball for reporting the bug. :^)
Andreas Kling 2020-01-02 23:28:37 +01:00
parent 0f9800ca57
commit 0958d826d6
Notes: sideshowbarker 2024-07-19 10:24:53 +09:00

@ -167,8 +167,10 @@ void Service::spawn()
}
if (!m_user.is_null()) {
setuid(m_uid);
setgid(m_gid);
if (setgid(m_gid) < 0 || setuid(m_uid) < 0) {
fprintf(stderr, "Failed to drop privileges (GID=%u, UID=%u)\n", m_gid, m_uid);
exit(1);
}
}
char* argv[m_extra_arguments.size() + 2];
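Review bot: the drop is still incomplete, because setgid() only changes the primary group; any supplementary groups the spawning process holds are inherited by the child, so a `setgroups(0, nullptr)` (with its own error check) belongs before the `setgid(m_gid)` call in this hunk. The new order (setgid before setuid) is correct, since once the UID is unprivileged the setgid call can no longer succeed, and failing closed on either error is the right choice. Two smaller points: the combined error message cannot tell the reader which of the two calls failed or why, so consider reporting `strerror(errno)` and splitting the checks; and if this code runs in a forked child before exec, `_exit(1)` avoids flushing stdio buffers and running atexit handlers that belong to the parent.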