instance: handle setgid() before setuid()

[project/procd.git] / service / instance.c

diff --git a/service/instance.c b/service/instance.c
index 8d2001a..3367885 100644 (file)
--- a/service/instance.c
+++ b/service/instance.c
@@ -282,10 +282,15 @@ instance_run(struct service_instance *in, int _stdout, int _stderr)
                closefd(_stderr);
        }
 
-       if (in->uid || in->gid) {
-               setuid(in->uid);
-               setgid(in->gid);
+       if (in->gid && setgid(in->gid)) {
+               ERROR("failed to set group id %d: %d (%s)\n", in->gid, errno, strerror(errno));
+               exit(127);
        }
+       if (in->uid && setuid(in->uid)) {
+               ERROR("failed to set user id %d: %d (%s)\n", in->uid, errno, strerror(errno));
+               exit(127);
+       }
+
        execvp(argv[0], argv);
        exit(127);
 }
@@ -869,6 +874,9 @@ void instance_dump(struct blob_buf *b, struct service_instance *in, int verbose)
 {
        void *i;
 
+       if (!in->valid)
+               return;
+
        i = blobmsg_open_table(b, in->name);
        blobmsg_add_u8(b, "running", in->proc.pending);
        if (in->proc.pending)