Sandbox: setgid before setuid

author: Timotej Lazar <timotej.lazar@fri.uni-lj.si> 2015-10-10 16:18:47 +0200
committer: Timotej Lazar <timotej.lazar@fri.uni-lj.si> 2015-10-10 16:18:47 +0200
commit: 0c45b02bdbb1e4be10aa82422f419d3cc4bbe7c9 (patch)
tree: a0ed0b4b171dee1ed416beb82764557c08b505df /python
parent: 2f8870c188b25ccf6865f8820a02f53fdf6af41d (diff)
2 files changed, 4 insertions, 4 deletions
diff --git a/python/runner/sandbox.c b/python/runner/sandbox.c
index 12e2720..4576060 100644
--- a/python/runner/sandbox.c
+++ b/python/runner/sandbox.c
@@ -22,10 +22,10 @@ int main(int argc, char* argv[])
 		return 1;
 	}
 	int ret = 0;
-	if ((ret = setuid(pw->pw_uid)) != 0)
-		fprintf(stderr, "setuid returned %d\n", ret);
 	if ((ret = setgid(pw->pw_gid)) != 0)
 		fprintf(stderr, "setgid returned %d\n", ret);
+	if ((ret = setuid(pw->pw_uid)) != 0)
+		fprintf(stderr, "setuid returned %d\n", ret);
 
 	// limit CPU time to 1 second
 	struct rlimit const cpu_limit = { .rlim_cur = 1, .rlim_max = 1 };
diff --git a/python/runner/terminator.c b/python/runner/terminator.c
index a994bde..0706957 100644
--- a/python/runner/terminator.c
+++ b/python/runner/terminator.c
@@ -20,10 +20,10 @@ int main(int argc, char* argv[])
 		return 1;
 	}
 	int ret = 0;
-	if ((ret = setuid(pw->pw_uid)) != 0)
-		fprintf(stderr, "setuid returned %d\n", ret);
 	if ((ret = setgid(pw->pw_gid)) != 0)
 		fprintf(stderr, "setgid returned %d\n", ret);
+	if ((ret = setuid(pw->pw_uid)) != 0)
+		fprintf(stderr, "setuid returned %d\n", ret);
 
 	pid_t pid = atol(argv[2]);
 	int signum = atoi(argv[3]);
author	Timotej Lazar <timotej.lazar@fri.uni-lj.si>	2015-10-10 16:18:47 +0200
committer	Timotej Lazar <timotej.lazar@fri.uni-lj.si>	2015-10-10 16:18:47 +0200
commit	0c45b02bdbb1e4be10aa82422f419d3cc4bbe7c9 (patch)
tree	a0ed0b4b171dee1ed416beb82764557c08b505df /python
parent	2f8870c188b25ccf6865f8820a02f53fdf6af41d (diff)