From 5e585f96037854842827db478a978ff959026713 Mon Sep 17 00:00:00 2001
From: "D.B"
Date: Tue, 20 Sep 2016 15:49:16 +0200
Subject: [PATCH] Split setgid and setuid, add privilege check

This commit deals with issue #884. I consulted the following sources: https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges and https://www.securecoding.cert.org/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful
---
 sway/main.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/sway/main.c b/sway/main.c
index 972b260b5..660da18cf 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -156,10 +156,18 @@ int main(int argc, char **argv) {
 exit(EXIT_FAILURE);
 }
 if (getuid() != geteuid() || getgid() != getegid()) {
- if (setgid(getgid()) != 0 || setuid(getuid()) != 0) {
+ if (setgid(getgid()) != 0) {
 sway_log(L_ERROR, "Unable to drop root");
 exit(EXIT_FAILURE);
 }
+ if (setuid(getuid()) != 0) {
+ sway_log(L_ERROR, "Unable to drop root");
+ exit(EXIT_FAILURE);
+ }
+ }
+ if (setuid(0) != -1) {
+ sway_log(L_ERROR, "Root privileges can be restored.");
+ exit(EXIT_FAILURE);
 }
 char *socket_path = getenv("SWAYSOCK");
 if (!socket_path) {
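Review bot: The post-drop check `if (setuid(0) != -1)` verifies only the user ID, so nothing in the new code confirms that group privileges were relinquished, although POS37-C (cited in the description) asks for the drop to be verified. I would probe both IDs, `if (setgid(0) != -1 || setuid(0) != -1) {`, noting that this only detects a restorable gid 0: when the process is not root, `setgid(getgid())` changes just the effective group ID, so a non-zero saved set-group-ID would still go unnoticed. The check also sits outside the `getuid() != geteuid()` block, so a session started directly as root exits with "Root privileges can be restored.", which does not say that running as root is what was refused; a comment such as `// Also refuses to start when launched as real root.` would make that intent explicit. `main` starts and ends outside this hunk.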