Split setgid and setuid, add privilege check - sway - i3-compatible Wayland compositor

commit 5e585f96037854842827db478a978ff959026713
parent d98c26d0edbab66042ff3da0348d339fd857f99d
Author: D.B <thejan.2009@gmail.com>
Date:   Tue, 20 Sep 2016 15:49:16 +0200

Split setgid and setuid, add privilege check

This commit deals with issue #884. I consulted the following sources:
https://www.securecoding.cert.org/confluence/display/c/POS36-C.+Observe+correct+revocation+order+while+relinquishing+privileges
and
https://www.securecoding.cert.org/confluence/display/c/POS37-C.+Ensure+that+privilege+relinquishment+is+successful

Diffstat:
M sway/main.c  | 10 +++++++++-

1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/sway/main.c b/sway/main.c
@@ -156,10 +156,18 @@ int main(int argc, char **argv) {
 			exit(EXIT_FAILURE);
 		}
 		if (getuid() != geteuid() || getgid() != getegid()) {
-			if (setgid(getgid()) != 0 || setuid(getuid()) != 0) {
+			if (setgid(getgid()) != 0) {
 				sway_log(L_ERROR, "Unable to drop root");
 				exit(EXIT_FAILURE);
 			}
+			if (setuid(getuid()) != 0) {
+				sway_log(L_ERROR, "Unable to drop root");
+				exit(EXIT_FAILURE);
+			}
+		}
+		if (setuid(0) != -1) {
+			sway_log(L_ERROR, "Root privileges can be restored.");
+			exit(EXIT_FAILURE);
 		}
 		char *socket_path = getenv("SWAYSOCK");
 		if (!socket_path) {

	sway i3-compatible Wayland compositor
	git clone https://git.awy.one/sway
	Log \| Files \| Refs \| README \| LICENSE