commit bc746007fdbaeaef4fa096c7702ee3d92db1768c
from: Stefan Sperling <stsp@stsp.name>
date: Wed Mar 19 14:17:03 2025 UTC

only the gotd parent process is able to drop root privs, make this more obvious

commit - 2fae11eba5d55ee098e25416cd2917c9726e3457
commit + bc746007fdbaeaef4fa096c7702ee3d92db1768c
blob - b02902fb5ed9b5f7f6b37038f36f4a86e4e51010
blob + ce6fcc6da872ff71bc715de4868d3a6d371bb768
--- gotd/gotd.c
+++ gotd/gotd.c
@@ -3089,18 +3089,15 @@ main(int argc, char **argv)
 	setproctitle("%s", title);
 	log_procinit(title);
 
-	/* Drop root privileges. */
-	if (pw) {
-		if (setgid(pw->pw_gid) == -1)
-			fatal("setgid %d failed", pw->pw_gid);
-		if (setuid(pw->pw_uid) == -1)
-			fatal("setuid %d failed", pw->pw_uid);
-	}
-
 	event_init();
 
 	switch (proc_id) {
 	case GOTD_PROC_GOTD:
+		/* Drop root privileges. */
+		if (setgid(pw->pw_gid) == -1)
+			fatal("setgid %d failed", pw->pw_gid);
+		if (setuid(pw->pw_uid) == -1)
+			fatal("setuid %d failed", pw->pw_uid);
 		if (verbosity) {
 			log_info("socket: %s", gotd.unix_socket_path);
 			log_info("user: %s", pw->pw_name);