From ac755582293cdd6ec4e2b54c2ea36cc1510366a8 Mon Sep 17 00:00:00 2001
From: Ted Gould <ted@gould.cx>
Date: Tue, 21 Aug 2012 15:30:18 -0500
Subject: Drop privs if we have 'em

---
 src/pam-freerdp.c | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src/pam-freerdp.c')

diff --git a/src/pam-freerdp.c b/src/pam-freerdp.c
index 7bc76ba..b927672 100644
--- a/src/pam-freerdp.c
+++ b/src/pam-freerdp.c
@@ -248,6 +248,11 @@ pam_sm_open_session (pam_handle_t *pamh, int flags, int argc, const char ** argv
 
 	pid_t pid = fork();
 	if (pid == 0) {
+		if (setgid(pwdent->pw_gid) < 0 || setuid(pwdent->pw_uid) < 0 ||
+				setegid(pwdent->pw_gid) < 0 || seteuid(pwdent->pw_uid) < 0) {
+			_exit(EXIT_FAILURE);
+		}
+
 		if (listen(socketfd, 1) < 0) {
 			_exit(EXIT_FAILURE);
 		}
-- 
cgit v1.2.3