mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2024-09-21 10:19:03 +03:00
SystemServer: Call setgid() before setuid() when dropping privileges
Also add error checking and bail out if either call fails. Doing it the wrong way around was causing us to retain GID=0 for all processes (oops!) Thanks to Chris Ball for reporting the bug. :^)
This commit is contained in:
parent
0f9800ca57
commit
0958d826d6
Notes:
sideshowbarker
2024-07-19 10:24:53 +09:00
Author: https://github.com/awesomekling Commit: https://github.com/SerenityOS/serenity/commit/0958d826d6c
@ -167,8 +167,10 @@ void Service::spawn()
|
||||
}
|
||||
|
||||
if (!m_user.is_null()) {
|
||||
setuid(m_uid);
|
||||
setgid(m_gid);
|
||||
if (setgid(m_gid) < 0 || setuid(m_uid) < 0) {
|
||||
fprintf(stderr, "Failed to drop privileges (GID=%u, UID=%u)\n", m_gid, m_uid);
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
|
||||
char* argv[m_extra_arguments.size() + 2];
|
||||
|
Loading…
Reference in New Issue
Block a user