From bac950c5cec806a5d3d040b16605d7f11ef1d2d3 Mon Sep 17 00:00:00 2001
From: Vincent Penquerc'h <vincent.penquerch@collabora.co.uk>
Date: Fri, 27 Dec 2013 14:34:57 -0500
Subject: [PATCH] qrexec-daemon: check we really did drop root privileges

and drop group privileges too while we're at it
---
 qrexec/qrexec-daemon.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/qrexec/qrexec-daemon.c b/qrexec/qrexec-daemon.c
index b2eef9e..dc31875 100644
--- a/qrexec/qrexec-daemon.c
+++ b/qrexec/qrexec-daemon.c
@@ -203,7 +203,14 @@ void init(int xid)
 	}
 
 	peer_client_init(xid, REXEC_PORT);
-	setuid(getuid());
+	if (setgid(getgid()) < 0) {
+		perror("setgid()");
+		exit(1);
+	}
+	if (setuid(getuid()) < 0) {
+		perror("setuid()");
+		exit(1);
+	}
 	/* When running as root, make the socket accessible; perms on /var/run/qubes still apply */
 	umask(0);
 	qrexec_daemon_unix_socket_fd =