Replace setuid/setgid with setresuid/setresgid (or setreuid/setregid)

The semantics of setuid in SUID processes are not entirely clear on all
Unix-like systems. Better use setresuid to drop privileges where available.

3 files changed, 23 insertions, 4 deletions

diff --git a/cmake/checks.cmake b/cmake/checks.cmake
index 62d52ff..27c073f 100644
--- a/cmake/checks.cmake
+++ b/cmake/checks.cmake
@@ -37,6 +37,8 @@ int main() {
 
 check_prototype_definition("get_current_dir_name" "char *get_current_dir_name(void)" "NULL" "unistd.h" HAVE_GET_CURRENT_DIR_NAME)
 
+check_symbol_exists("setresuid" "unistd.h" HAVE_SETRESUID)
+check_symbol_exists("setresgid" "unistd.h" HAVE_SETRESGID)
 
 if(NOT DARWIN)
   set(RT_LIBRARY "")
diff --git a/src/build.h.in b/src/build.h.in
index 503348b..c8a90eb 100644
--- a/src/build.h.in
+++ b/src/build.h.in
@@ -47,6 +47,12 @@
 /** Defined if be32toh etc. exist */
 #cmakedefine HAVE_LINUX_ENDIAN
 
+/** Defined if the platform defines setresuid() */
+#cmakedefine HAVE_SETRESUID
+
+/** Defined if the platform defines setresgid() */
+#cmakedefine HAVE_SETRESGID
+
 /** Defined if the platform supports SO_BINDTODEVICE */
 #cmakedefine USE_BINDTODEVICE
 
diff --git a/src/fastd.c b/src/fastd.c
index 64bc294..8adea3c 100644
--- a/src/fastd.c
+++ b/src/fastd.c
@@ -312,11 +312,22 @@ static inline void write_pid(void) {
 static void set_user(void) {
 #ifdef USE_USER
 	if (conf.user || conf.group) {
-		if (setgid(conf.gid) < 0)
-			exit_errno("setgid");
 
-		if (setuid(conf.uid) < 0)
-			exit_errno("setuid");
+#ifdef HAVE_SETRESGID
+		if (setresgid(conf.gid, conf.gid, conf.gid) < 0)
+			exit_errno("setresgid");
+#else
+		if (setregid(conf.gid, conf.gid) < 0)
+			exit_errno("setregid");
+#endif
+
+#ifdef HAVE_SETRESUID
+		if (setresuid(conf.uid, conf.uid, conf.uid) < 0)
+			exit_errno("setresuid");
+#else
+		if (setreuid(conf.uid, conf.uid) < 0)
+			exit_errno("setreuid");
+#endif
 
 		pr_info("changed to UID %i, GID %i", (int)conf.uid, (int)conf.gid);
 	}