commit e9a2eec25cbb6ffad890b7cd4034be1c86095a86
from: Stefan Sperling
date: Thu Apr 18 11:48:02 2024 UTC
drop privileges in all parts of gotd other than the main process
ok thomas_adam
commit - 3cb20d616db20a105f3f1744eb680e108c9521dc
commit + e9a2eec25cbb6ffad890b7cd4034be1c86095a86
blob - 8fdfcdc277fb8e76fcf0673b8277273ff4632862
blob + 96366ae057087597e91765bcfc911018cac45fe0
--- gotd/gotd.c
+++ gotd/gotd.c
@@ -2252,6 +2252,8 @@ main(int argc, char **argv)
 * files will still work since "getpw" bypasses unveil(2).
 */
 apply_unveil_none();
+
+ drop_privs(pw);
 auth_main(title, &gotd.repos, repo_path);
 /* NOTREACHED */
@@ -2275,6 +2277,9 @@ main(int argc, char **argv)
 if (repo == NULL)
 fatalx("no repository for path %s", repo_path);
 }
+
+ drop_privs(pw);
+
 if (proc_id == PROC_SESSION_READ)
 session_read_main(title, repo_path, pack_fds, temp_fds, &gotd.request_timeout, repo);
@@ -2353,6 +2358,8 @@ main(int argc, char **argv)
 */
 unveil_notification_helpers();
+ drop_privs(pw);
+
 notify_main(title, &gotd.repos, default_sender);
 /* NOTREACHED */
 exit(0);
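Review bot: `drop_privs(pw);` is called as a bare statement here, and again in the session/repo hunk and the notify hunk, so each child relies entirely on that helper aborting if the uid/gid change fails. Its definition is outside this diff; confirm that it treats every failure as fatal and that it resets supplementary groups (for example `setgroups(1, &pw->pw_gid)`) before changing gid and then uid, otherwise the child may keep the parent's group memberships. A short comment above the call, such as `/* Nothing below needs root; run the auth loop as the unprivileged user. */`, would record the intent. main()'s body starts and ends outside the hunk.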
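Review bot: In this hunk the privilege drop comes after the repository lookup, so the lookup and the `fatalx("no repository for path %s", repo_path)` path still execute with the original privileges. The lookup starts above the hunk, so whether it needs them is not visible here; if it does not, moving `drop_privs(pw);` ahead of it would narrow the privileged window, and otherwise a comment naming what requires the later placement would help. The `if (proc_id == PROC_SESSION_READ)` dispatch continues past the end of the hunk.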
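Review bot: The notify process calls `unveil_notification_helpers()` just before the new `drop_privs(pw);`, which suggests it later executes helper programs; if so, those helpers now run with the dropped uid/gid rather than the starting one. That deserves a comment at the call, e.g. `/* Notification helpers are executed as the unprivileged user from here on. */`, and a check that the installed helpers are executable by that account. Whether pledge(2) is applied before or inside notify_main() is not visible in this hunk.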