Fix ordering of setgid and setuid

It looks like the code to drop privileges may have been broken via commit 37f0e1f. That commit reverted the correct order from #911, which first drops the gid then the uid. If setuid is called first then the target user may not have the ability to setgid.
author: Teddy Reed <[email protected]> 2020-02-10 21:29:26 -0500
committer: Simon Ser <[email protected]> 2020-02-11 10:17:45 +0100
commit: 31a83bd48d9aad2a039565fc39f1a52bd0cdf17d (patch)
tree: 995bf9eebad763834ebca1c72ea74b14fb93c00c
parent: 0b709702c134fcba2b8210ac6f85b8b2665484d0 (diff)
1 files changed, 8 insertions, 3 deletions
diff --git a/sway/main.c b/sway/main.c
index e0af4a79..d4585f73 100644
--- a/sway/main.c
+++ b/sway/main.c
@@ -186,12 +186,17 @@ static void log_kernel(void) {
 
 static bool drop_permissions(void) {
 	if (getuid() != geteuid() || getgid() != getegid()) {
-		if (setuid(getuid()) != 0 || setgid(getgid()) != 0) {
-			sway_log(SWAY_ERROR, "Unable to drop root, refusing to start");
+		// Set the gid and uid in the correct order.
+		if (setgid(getgid()) != 0) {
+			sway_log(SWAY_ERROR, "Unable to drop root group, refusing to start");
+			return false;
+		}
+		if (setuid(getuid()) != 0) {
+			sway_log(SWAY_ERROR, "Unable to drop root user, refusing to start");
 			return false;
 		}
 	}
-	if (setuid(0) != -1) {
+	if (setgid(0) != -1 || setuid(0) != -1) {
 		sway_log(SWAY_ERROR, "Unable to drop root (we shouldn't be able to "
 			"restore it after setuid), refusing to start");
 		return false;
author	Teddy Reed <[email protected]>	2020-02-10 21:29:26 -0500
committer	Simon Ser <[email protected]>	2020-02-11 10:17:45 +0100
commit	31a83bd48d9aad2a039565fc39f1a52bd0cdf17d (patch)
tree	995bf9eebad763834ebca1c72ea74b14fb93c00c
parent	0b709702c134fcba2b8210ac6f85b8b2665484d0 (diff)