author | Matthieu Herrb <matthieu@cvs.openbsd.org> | 2015-11-14 17:12:15 +0000 |
---|---|---|
committer | Matthieu Herrb <matthieu@cvs.openbsd.org> | 2015-11-14 17:12:15 +0000 |
commit | 8c6eebce51f96b453a8327774b15fd41dcca1326 (patch) | |
tree | 1d20d134c47a196c2d679482e270fc842fff016e | |
parent | 349f01f17d74f3281e7e9cf846dcc1c22dd6190d (diff) |
Don't try to revoke privileges if priv_init is called without
privileges. The parent process will be used for operations
that can't be pledged.
-rw-r--r-- | app/xconsole/privsep.c | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/app/xconsole/privsep.c b/app/xconsole/privsep.c
index fba7e648a..e2b658855 100644
--- a/app/xconsole/privsep.c
+++ b/app/xconsole/privsep.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: privsep.c,v 1.6 2015/11/11 21:20:12 matthieu Exp $ */
+/* $OpenBSD: privsep.c,v 1.7 2015/11/14 17:12:14 matthieu Exp $ */
 /*
 * Copyright 2001 Niels Provos <provos@citi.umich.edu>
 * All rights reserved.
@@ -165,13 +165,15 @@ priv_init(uid_t uid, gid_t gid)
 }
 if (pid != 0) {
 /* Father - drop privileges and return */
- if (setgroups(1, &gid) == -1)
- return -1;
-
- if (setresgid(gid, gid, gid) == -1)
- return -1;
- if (setresuid(uid, uid, uid) == -1)
- return -1;
+ if (uid != -1 && gid != -1) {
+ if (setgroups(1, &gid) == -1)
+ return -1;
+
+ if (setresgid(gid, gid, gid) == -1)
+ return -1;
+ if (setresuid(uid, uid, uid) == -1)
+ return -1;
+ }
 close(socks[0]);
 priv_fd = socks[1];
 return 0; |
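Review bot: The new guard `if (uid != -1 && gid != -1)` in the parent branch of priv_init skips all three drop calls when only one of the two ids is -1. A caller that passes a real uid with gid == -1 (or the reverse) therefore gets a 0 return while the parent keeps its original credentials. Failing closed on the mixed case would be safer, for example `if ((uid == (uid_t)-1) != (gid == (gid_t)-1)) return -1;` placed before the guard. Writing the sentinel as `(uid_t)-1` / `(gid_t)-1` also makes the comparison explicit where these types are unsigned. A short comment such as `/* uid == gid == -1: caller is already unprivileged, nothing to drop */` would document the convention, which currently appears only in the commit message. priv_init starts and ends outside this hunk, so whether any caller can actually pass a mixed pair, and how the child side handles the same arguments, is not visible here.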