Fix CVE-2017-11747: Create PID file before dropping privileges.

Resolves #106 Signed-off-by: Michael Adam <obnox@samba.org>
2017-11-16 01:52:55 +01:00 · 2017-11-16 01:52:55 +01:00 · 9acb0cb16c
commit 9acb0cb16c
parent af1d7ab510
1 changed files with 9 additions and 9 deletions
--- a/src/main.c
+++ b/src/main.c
@ -441,6 +441,15 @@ main (int argc, char **argv)
                exit (EX_OSERR);
        }

+        /* Create pid file before we drop privileges */
+        if (config.pidpath) {
+                if (pidfile_create (config.pidpath) < 0) {
+                        fprintf (stderr, "%s: Could not create PID file.\n",
+                                 argv[0]);
+                        exit (EX_OSERR);
+                }
+        }
+
        /* Switch to a different user if we're running as root */
        if (geteuid () == 0)
                change_user (argv[0]);
@ -453,15 +462,6 @@ main (int argc, char **argv)
                exit (EX_SOFTWARE);
        }

-        /* Create pid file after we drop privileges */
-        if (config.pidpath) {
-                if (pidfile_create (config.pidpath) < 0) {
-                        fprintf (stderr, "%s: Could not create PID file.\n",
-                                 argv[0]);
-                        exit (EX_OSERR);
-                }
-        }
-
        if (child_pool_create () < 0) {
                fprintf (stderr,
                         "%s: Could not create the pool of children.\n",