utility: drop privs only when needed

author Pieter Lexis <pieter.lexis@powerdns.com>

Thu, 6 Jun 2019 10:55:18 +0000 (12:55 +0200)

committer Pieter Lexis <pieter.lexis@powerdns.com>

Thu, 6 Jun 2019 10:55:18 +0000 (12:55 +0200)
author Pieter Lexis <pieter.lexis@powerdns.com>
Thu, 6 Jun 2019 10:55:18 +0000 (12:55 +0200)
committer Pieter Lexis <pieter.lexis@powerdns.com>
Thu, 6 Jun 2019 10:55:18 +0000 (12:55 +0200)
diff --git a/pdns/unix_utility.cc b/pdns/unix_utility.cc

index 201c73fc0d7a2a3a52b644a94d6e53e0d1131f9c..0d180cfc84450aa2b87c83b277c88fa9b3e5a257 100644 (file)
--- a/pdns/unix_utility.cc
+++ b/pdns/unix_utility.cc
@@ -126,7 +126,7 @@ void Utility::usleep(unsigned long usec)
  // Drops the program's group privileges.
  void Utility::dropGroupPrivs( uid_t uid, gid_t gid )
  {
-  if(gid) {
+  if(gid && gid != getegid()) {
      if(setgid(gid)<0) {
        g_log<<Logger::Critical<<"Unable to set effective group id to "<<gid<<": "<<stringerror()<<endl;
        exit(1);
@@ -154,7 +154,7 @@ void Utility::dropGroupPrivs( uid_t uid, gid_t gid )
  // Drops the program's user privileges.
  void Utility::dropUserPrivs( uid_t uid )
  {
-  if(uid) {
+  if(uid && uid != geteuid()) {
      if(setuid(uid)<0) {
        g_log<<Logger::Critical<<"Unable to set effective user id to "<<uid<<": "<<stringerror()<<endl;
        exit(1);
author	Pieter Lexis <pieter.lexis@powerdns.com>
	Thu, 6 Jun 2019 10:55:18 +0000 (12:55 +0200)
committer	Pieter Lexis <pieter.lexis@powerdns.com>
	Thu, 6 Jun 2019 10:55:18 +0000 (12:55 +0200)