From 9acb0cb16cb65a554c5443f0409f827390379249 Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Thu, 16 Nov 2017 01:52:55 +0100
Subject: [PATCH] Fix CVE-2017-11747: Create PID file before dropping
 privileges.

Resolves #106

Signed-off-by: Michael Adam <obnox@samba.org>
---
 src/main.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/main.c b/src/main.c
index e52b4b2..35ff704 100644
--- a/src/main.c
+++ b/src/main.c
@@ -441,6 +441,15 @@ main (int argc, char **argv)
                 exit (EX_OSERR);
         }
 
+        /* Create pid file before we drop privileges */
+        if (config.pidpath) {
+                if (pidfile_create (config.pidpath) < 0) {
+                        fprintf (stderr, "%s: Could not create PID file.\n",
+                                 argv[0]);
+                        exit (EX_OSERR);
+                }
+        }
+
         /* Switch to a different user if we're running as root */
         if (geteuid () == 0)
                 change_user (argv[0]);
@@ -453,15 +462,6 @@ main (int argc, char **argv)
                 exit (EX_SOFTWARE);
         }
 
-        /* Create pid file after we drop privileges */
-        if (config.pidpath) {
-                if (pidfile_create (config.pidpath) < 0) {
-                        fprintf (stderr, "%s: Could not create PID file.\n",
-                                 argv[0]);
-                        exit (EX_OSERR);
-                }
-        }
-
         if (child_pool_create () < 0) {
                 fprintf (stderr,
                          "%s: Could not create the pool of children.\n",