authorAndreas Kling <awesomekling@gmail.com>2020-01-02 23:28:37 +0100
committerAndreas Kling <awesomekling@gmail.com>2020-01-02 23:36:21 +0100
commit0958d826d6cb84b9a309846ce44eefa7ea3d9f70 (patch)
treeadfcbdb094a6121f46b1f9c2944268e2ce81594e /Servers/SystemServer
parent0f9800ca57a5e710e61a4bf1274478b194a34e42 (diff)
SystemServer: Call setgid() before setuid() when dropping privileges
Also add error checking and bail out if either call fails. Doing it the wrong way around was causing us to retain GID=0 for all processes (oops!) Thanks to Chris Ball for reporting the bug. :^)
Diffstat (limited to 'Servers/SystemServer')
-rw-r--r--Servers/SystemServer/Service.cpp6
1 files changed, 4 insertions, 2 deletions
diff --git a/Servers/SystemServer/Service.cpp b/Servers/SystemServer/Service.cpp
index 907588d7a5..cc17353638 100644
--- a/Servers/SystemServer/Service.cpp
+++ b/Servers/SystemServer/Service.cpp
@@ -167,8 +167,10 @@ void Service::spawn()
}
if (!m_user.is_null()) {
- setuid(m_uid);
- setgid(m_gid);
+ if (setgid(m_gid) < 0 || setuid(m_uid) < 0) {
+ fprintf(stderr, "Failed to drop privileges (GID=%u, UID=%u)\n", m_gid, m_uid);
+ exit(1);
+ }
}
char* argv[m_extra_arguments.size() + 2];
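Review bot: The new condition `setgid(m_gid) < 0 || setuid(m_uid) < 0` changes the primary GID and the UID but never touches the supplementary group list, so a service started from a root parent may still hold root's extra groups after this fix. On POSIX-style systems neither setgid() nor setuid() alters that list; if the platform provides setgroups(), resetting it before the UID change (for example adding `setgroups(0, nullptr) < 0` to the condition ahead of `setuid(m_uid) < 0`) would close the same class of bug this commit addresses. The failure message would also be easier to triage with the cause appended, e.g. `strerror(errno)` captured before the fprintf call. Service::spawn() starts and continues outside the hunk, so whether this branch runs in a forked child (where `_exit(1)` would avoid running the parent's atexit handlers and flushing its stdio buffers a second time) cannot be confirmed from here.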