logger: Drop privileges to build-time settings as early as possible

Change-Id: If8972bcb5e9c7bfbc13c5ff88e45f0acfa4f1546

diff --git a/src/logger/logger.c b/src/logger/logger.c
index e31ed8a..85ecb60 100755 (executable)
--- a/src/logger/logger.c
+++ b/src/logger/logger.c
@@ -330,9 +330,9 @@ static int reset_self_privileges()
        if (r < 0)
                return r;
 
-       if (setgid(gid) < 0)
+       if (getegid() != uid && setgid(gid) < 0)
                return -errno;
-       if (setuid(uid) < 0)
+       if (geteuid() != gid && setuid(uid) < 0)
                return -errno; // should never happen
 
        return 0;
@@ -2194,10 +2194,6 @@ static int finalize_init(struct logger_config_data *data, struct logger *server)
 {
        sd_notify(0, "READY=1");
 
-       int r = reset_self_privileges();
-       if (r < 0)
-               return r;
-
        //create files after resetting self privileges
        list_foreach(data->logfile_configs, server, parse_logfile_config);
 
@@ -2216,6 +2212,12 @@ int main(int argc, char** argv)
 
        signal(SIGPIPE, SIG_IGN);
 
+       r = reset_self_privileges();
+       if (r < 0) {
+               printf("Unable to drop privileges to build-time defaults (%s). Exiting.\n", strerror(-r));
+               return DLOG_EXIT_ERR_RUNTIME;
+       }
+
        struct logger_config_data data;
        if ((r = prepare_config_data(&data, argc, argv)) != 0) {
                if (r < 0) {