From 879cc4f3254e59161506f3857799db8f68a9105f Mon Sep 17 00:00:00 2001
From: Nathan Reiner <nathan@nathanreiner.xyz>
Date: Thu, 23 Mar 2023 20:32:06 +0100
Subject: drop privs after setup

---
 wlock.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/wlock.c b/wlock.c
index 2574632..c657731 100644
--- a/wlock.c
+++ b/wlock.c
@@ -392,10 +392,16 @@ main(int argc, char *argv[])
 	disable_oom_killer();
 #endif
 
-	/* TODO: Drop privileges */
-
 	setup();
 
+
+	if (setgroups(0, NULL) < 0)
+		die("slock: setgroups: %s\n", strerror(errno));
+	if (setgid(grp->gr_gid) < 0)
+		die("slock: setgid: %s\n", strerror(errno));
+	if (setuid(pw->pw_uid) < 0)
+		die("slock: setuid: %s\n", strerror(errno));
+
 	fds[0].fd = wl_display_get_fd(client.display);
 	fds[0].events = POLLIN;
 	fds[1].fd = client.repeat.timer;
-- 
cgit v1.2.3-70-g09d2