From a1598c742e999cc96a9ccf743c2eb6af8c444c73 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 14 Aug 2009 19:28:18 +0200
Subject: daemon: reset gids too, not just uids

---
 src/daemon/caps.c | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'src/daemon')

diff --git a/src/daemon/caps.c b/src/daemon/caps.c
index 69e58cc0..76b62e03 100644
--- a/src/daemon/caps.c
+++ b/src/daemon/caps.c
@@ -57,21 +57,29 @@ void pa_drop_root(void) {
 
 #ifdef HAVE_GETUID
     uid_t uid;
+    gid_t gid;
 
     pa_log_debug(_("Cleaning up privileges."));
     uid = getuid();
+    gid = getgid();
 
 #if defined(HAVE_SETRESUID)
     pa_assert_se(setresuid(uid, uid, uid) >= 0);
+    pa_assert_se(setresgid(gid, gid, gid) >= 0);
 #elif defined(HAVE_SETREUID)
     pa_assert_se(setreuid(uid, uid) >= 0);
+    pa_assert_se(setregid(gid, gid) >= 0);
 #else
     pa_assert_se(setuid(uid) >= 0);
     pa_assert_se(seteuid(uid) >= 0);
+    pa_assert_se(setgid(gid) >= 0);
+    pa_assert_se(setegid(gid) >= 0);
 #endif
 
     pa_assert_se(getuid() == uid);
     pa_assert_se(geteuid() == uid);
+    pa_assert_se(getgid() == gid);
+    pa_assert_se(getegid() == gid);
 #endif
 
 #ifdef HAVE_SYS_PRCTL_H
-- 
cgit