Print error if chdir, setgroups, setuid, or setgid failed

author: kitsunyan 2018-04-28 20:51:52 +0000
committer: kitsunyan 2018-04-28 20:51:52 +0000
commit: 5d6e17e57a41071316dfa9a53cd23c85e85ce53e (patch)
tree: 734264d260e75daef5a9af06e4003c27fd1fa9ec /src/utils.nim
parent: 8a3beef91b8d6baebd941d4378e6ebbd0dd70906 (diff)
1 files changed, 12 insertions, 4 deletions
diff --git a/src/utils.nim b/src/utils.nim
index 7cbf184..b480ce9 100644
--- a/src/utils.nim
+++ b/src/utils.nim
@@ -253,13 +253,17 @@ except:
 proc canDropPrivileges*(): bool =
   initialUser.isSome
 
-proc dropPrivileges*() =
+proc dropPrivileges*(): bool =
   if initialUser.isSome:
     let user = initialUser.unsafeGet
     var groups = user.groups.map(x => x.cint)
-    discard setgroups(user.groups.len, addr(groups[0]));
-    discard setgid((Gid) user.gid)
-    discard setuid((Uid) user.uid)
+
+    if setgroups(user.groups.len, addr(groups[0])) < 0:
+      return false
+    if setgid((Gid) user.gid) != 0:
+      return false
+    if setuid((Uid) user.uid) != 0:
+      return false
 
     template replaceExisting(name: string, value: string) =
       if cgetenv(name) != nil:
@@ -277,6 +281,10 @@ proc dropPrivileges*() =
     discard cunsetenv("SUDO_GID")
     discard cunsetenv("PKEXEC_UID")
 
+    return true
+  else:
+    return true
+
 var intSigact: SigAction
 intSigact.sa_handler = SIG_DFL
 discard sigaction(SIGINT, intSigact)
author	kitsunyan	2018-04-28 20:51:52 +0000
committer	kitsunyan	2018-04-28 20:51:52 +0000
commit	5d6e17e57a41071316dfa9a53cd23c85e85ce53e (patch)
tree	734264d260e75daef5a9af06e4003c27fd1fa9ec /src/utils.nim
parent	8a3beef91b8d6baebd941d4378e6ebbd0dd70906 (diff)