From 504cefec4a93a9b52fa9d25d6f353a4676485c43 Mon Sep 17 00:00:00 2001
From: Lennart Weller <lhw@ring0.de>
Date: Sat, 16 Mar 2013 22:00:48 +0100
Subject: drop privileges on server startup

---
 src/main.vala | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/main.vala b/src/main.vala
index 67f00ff..a9e24e3 100644
--- a/src/main.vala
+++ b/src/main.vala
@@ -69,6 +69,26 @@ public static int main(string[] args) {
 		return 1;
 	}
 
+	if(Posix.getuid() == 0) {
+		try {
+			string user;
+			unowned Posix.Passwd pwd;
+
+			user = cfg.get_string("SYSTEM", "user");
+			if((pwd = Posix.getpwnam(user)) != null) {
+				if(Posix.setuid(pwd.pw_uid) != 0)
+					throw new IOError.FAILED("Failed to set uid");
+				if(Posix.setgid(pwd.pw_gid) != 0)
+					throw new IOError.FAILED("Failed to set gid");
+				if(Posix.setuid(0) != -1)
+					throw new IOError.FAILED("Failed to set uid/gid entirely");
+			}
+		} catch(Error e) {
+			stderr.puts(e.message + "\n");
+			return 1;
+		}
+	}
+
 	dev   = new Device(devicefile, 9600, 8, 1);
 	db    = new Database("shop.db");
 	audio = new AudioPlayer();
-- 
cgit v1.2.3