qrexec-daemon: check we really did drop root privileges

and drop group privileges too while we're at it
2013-12-27 14:34:57 -05:00 · 2013-12-27 14:34:57 -05:00 · bac950c5ce
commit bac950c5ce
parent 5e4e1fe6ac
1 changed files with 8 additions and 1 deletions
--- a/qrexec/qrexec-daemon.c
+++ b/qrexec/qrexec-daemon.c
@ -203,7 +203,14 @@ void init(int xid)
 	}

 	peer_client_init(xid, REXEC_PORT);
-	setuid(getuid());
+	if (setgid(getgid()) < 0) {
+		perror("setgid()");
+		exit(1);
+	}
+	if (setuid(getuid()) < 0) {
+		perror("setuid()");
+		exit(1);
+	}
 	/* When running as root, make the socket accessible; perms on /var/run/qubes still apply */
 	umask(0);
 	qrexec_daemon_unix_socket_fd =