drop privileges once bus name is acquired

diff --git a/src/daemon/dbus/gumd-dbus-server-msg-bus.c b/src/daemon/dbus/gumd-dbus-server-msg-bus.c
index 01f46a5..3143e9c 100644 (file)
--- a/src/daemon/dbus/gumd-dbus-server-msg-bus.c
+++ b/src/daemon/dbus/gumd-dbus-server-msg-bus.c
@@ -158,7 +158,15 @@ _on_name_acquired (
                     g_object_ref (server->priv->daemon),
                     GUMD_DBUS_SERVER_BUSTYPE_MSG_BUS);
     g_object_weak_ref (G_OBJECT (server->priv->group_service),
-            _on_group_interface_dispose, server);}
+            _on_group_interface_dispose, server);
+
+    DBG ("Before: real uid %d effective uid %d", getuid (), geteuid ());
+    if (seteuid (getuid()))
+        WARN ("seteuid() failed");
+    if (setegid (getgid()))
+        WARN ("setegid() failed");
+    DBG ("After: real gid %d effective gid %d", getgid (), getegid ());
+}
 
 static void
 _set_property (

diff --git a/src/daemon/main.c b/src/daemon/main.c
index 69546b3..a613c94 100644 (file)
--- a/src/daemon/main.c
+++ b/src/daemon/main.c
@@ -71,6 +71,12 @@ _start_dbus_server (
 {
 
 #ifdef GUM_BUS_TYPE_P2P
+    DBG ("Before: real uid %d effective uid %d", getuid (), geteuid ());
+    if (seteuid (getuid()))
+        WARN ("seteuid() failed");
+    if (setegid (getgid()))
+        WARN ("setegid() failed");
+    DBG ("After: real gid %d effective gid %d", getgid (), getegid ());
     _server = GUMD_DBUS_SERVER (gumd_dbus_server_p2p_new ());
 #else
     _server = GUMD_DBUS_SERVER (gumd_dbus_server_msg_bus_new ());
@@ -147,13 +153,6 @@ main (int argc, char **argv)
         {NULL }
     };
 
-    DBG ("Before: real uid %d effective uid %d", getuid (), geteuid ());
-    if (seteuid (getuid()))
-        WARN ("seteuid() failed");
-    if (setegid (getgid()))
-        WARN ("setegid() failed");
-    DBG ("After: real gid %d effective gid %d", getgid (), getegid ());
-
 #if !GLIB_CHECK_VERSION (2, 36, 0)
     g_type_init ();
 #endif