diff options
Diffstat (limited to 'daemon')
-rw-r--r-- | daemon/main.c | 51 |
1 files changed, 27 insertions, 24 deletions
diff --git a/daemon/main.c b/daemon/main.c index 0557f0e..363f3d5 100644 --- a/daemon/main.c +++ b/daemon/main.c @@ -525,32 +525,35 @@ int main(int argc, char *argv[]) res = -1; goto terminate; } + if (pw->pw_uid == 0) { + usbmuxd_log(LL_INFO, "Not dropping privileges to root"); + } else { + if ((res = initgroups(drop_user, pw->pw_gid)) < 0) { + usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set supplementary groups)"); + goto terminate; + } + if ((res = setgid(pw->pw_gid)) < 0) { + usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set group ID to %d)", pw->pw_gid); + goto terminate; + } + if ((res = setuid(pw->pw_uid)) < 0) { + usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set user ID to %d)", pw->pw_uid); + goto terminate; + } - if ((res = initgroups(drop_user, pw->pw_gid)) < 0) { - usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set supplementary groups)"); - goto terminate; - } - if ((res = setgid(pw->pw_gid)) < 0) { - usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set group ID to %d)", pw->pw_gid); - goto terminate; - } - if ((res = setuid(pw->pw_uid)) < 0) { - usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set user ID to %d)", pw->pw_uid); - goto terminate; - } - - // security check - if (setuid(0) != -1) { - usbmuxd_log(LL_FATAL, "Failed to drop privileges properly!"); - res = -1; - goto terminate; - } - if (getuid() != pw->pw_uid || getgid() != pw->pw_gid) { - usbmuxd_log(LL_FATAL, "Failed to drop privileges properly!"); - res = -1; - goto terminate; + // security check + if (setuid(0) != -1) { + usbmuxd_log(LL_FATAL, "Failed to drop privileges properly!"); + res = -1; + goto terminate; + } + if (getuid() != pw->pw_uid || getgid() != pw->pw_gid) { + usbmuxd_log(LL_FATAL, "Failed to drop privileges properly!"); + res = -1; + goto terminate; + } + usbmuxd_log(LL_NOTICE, "Successfully dropped privileges to '%s'", drop_user); } - usbmuxd_log(LL_NOTICE, "Successfully dropped privileges to '%s'", drop_user); } client_init(); |