commit 5b15f42b17e137a40cb6b46a69f24a853e4aa35b
from: Stefan Sperling <stsp@stsp.name>
via: Thomas Adam <thomas@xteddy.org>
date: Fri Mar 21 13:22:46 2025 UTC

only the gotd parent process is able to drop root privs, make this more obvious

commit - 22b4547217ce327a408d607b845fd955be9f0446
commit + 5b15f42b17e137a40cb6b46a69f24a853e4aa35b
blob - 58119451870b16726cef889fe7076e96df4bac7b
blob + 0bfb5ee471382798b58ecab7b366430592006a16
--- gotd/gotd.c
+++ gotd/gotd.c
@@ -3138,18 +3138,15 @@ main(int argc, char **argv)
 	setproctitle("%s", title);
 	log_procinit(title);
 
-	/* Drop root privileges. */
-	if (pw) {
-		if (setgid(pw->pw_gid) == -1)
-			fatal("setgid %d failed", pw->pw_gid);
-		if (setuid(pw->pw_uid) == -1)
-			fatal("setuid %d failed", pw->pw_uid);
-	}
-
 	event_init();
 
 	switch (proc_id) {
 	case GOTD_PROC_GOTD:
+		/* Drop root privileges. */
+		if (setgid(pw->pw_gid) == -1)
+			fatal("setgid %d failed", pw->pw_gid);
+		if (setuid(pw->pw_uid) == -1)
+			fatal("setuid %d failed", pw->pw_uid);
 		if (verbosity) {
 			log_info("socket: %s", gotd.unix_socket_path);
 			log_info("user: %s", pw->pw_name);