drop privs after setup

author: Nathan Reiner <nathan@nathanreiner.xyz> 2023-03-23 20:32:06 +0100
committer: Nathan Reiner <nathan@nathanreiner.xyz> 2023-03-23 20:32:06 +0100
commit: 879cc4f3254e59161506f3857799db8f68a9105f (patch)
tree: 756aa4d76c4b33a8eea4c8c6b856e2444db2dd16 /wlock.c
parent: dace7dca77e9539b5cb459f79c1154d11b3030fe (diff)
1 files changed, 8 insertions, 2 deletions
diff --git a/wlock.c b/wlock.c
index 2574632..c657731 100644
--- a/wlock.c
+++ b/wlock.c
@@ -392,10 +392,16 @@ main(int argc, char *argv[])
 	disable_oom_killer();
 #endif
 
-	/* TODO: Drop privileges */
-
 	setup();
 
+
+	if (setgroups(0, NULL) < 0)
+		die("slock: setgroups: %s\n", strerror(errno));
+	if (setgid(grp->gr_gid) < 0)
+		die("slock: setgid: %s\n", strerror(errno));
+	if (setuid(pw->pw_uid) < 0)
+		die("slock: setuid: %s\n", strerror(errno));
+
 	fds[0].fd = wl_display_get_fd(client.display);
 	fds[0].events = POLLIN;
 	fds[1].fd = client.repeat.timer;
author	Nathan Reiner <nathan@nathanreiner.xyz>	2023-03-23 20:32:06 +0100
committer	Nathan Reiner <nathan@nathanreiner.xyz>	2023-03-23 20:32:06 +0100
commit	879cc4f3254e59161506f3857799db8f68a9105f (patch)
tree	756aa4d76c4b33a8eea4c8c6b856e2444db2dd16 /wlock.c
parent	dace7dca77e9539b5cb459f79c1154d11b3030fe (diff)