commit - 3cb20d616db20a105f3f1744eb680e108c9521dc
commit + e9a2eec25cbb6ffad890b7cd4034be1c86095a86
blob - 8fdfcdc277fb8e76fcf0673b8277273ff4632862
blob + 96366ae057087597e91765bcfc911018cac45fe0
--- gotd/gotd.c
+++ gotd/gotd.c
* files will still work since "getpw" bypasses unveil(2).
*/
apply_unveil_none();
+
+ drop_privs(pw);
auth_main(title, &gotd.repos, repo_path);
/* NOTREACHED */
if (repo == NULL)
fatalx("no repository for path %s", repo_path);
}
+
+ drop_privs(pw);
+
if (proc_id == PROC_SESSION_READ)
session_read_main(title, repo_path, pack_fds, temp_fds,
&gotd.request_timeout, repo);
*/
unveil_notification_helpers();
+ drop_privs(pw);
+
notify_main(title, &gotd.repos, default_sender);
/* NOTREACHED */
exit(0);