From 0c45b02bdbb1e4be10aa82422f419d3cc4bbe7c9 Mon Sep 17 00:00:00 2001
From: Timotej Lazar
Date: Sat, 10 Oct 2015 16:18:47 +0200
Subject: Sandbox: setgid before setuid
---
 python/runner/sandbox.c | 4 ++--
 python/runner/terminator.c | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
(limited to 'python')
diff --git a/python/runner/sandbox.c b/python/runner/sandbox.c
index 12e2720..4576060 100644
--- a/python/runner/sandbox.c
+++ b/python/runner/sandbox.c
@@ -22,10 +22,10 @@ int main(int argc, char* argv[])
 return 1;
 }
 int ret = 0;
- if ((ret = setuid(pw->pw_uid)) != 0)
- fprintf(stderr, "setuid returned %d\n", ret);
 if ((ret = setgid(pw->pw_gid)) != 0)
 fprintf(stderr, "setgid returned %d\n", ret);
+ if ((ret = setuid(pw->pw_uid)) != 0)
+ fprintf(stderr, "setuid returned %d\n", ret);
 // limit CPU time to 1 second
 struct rlimit const cpu_limit = { .rlim_cur = 1, .rlim_max = 1 };
diff --git a/python/runner/terminator.c b/python/runner/terminator.c
index a994bde..0706957 100644
--- a/python/runner/terminator.c
+++ b/python/runner/terminator.c
@@ -20,10 +20,10 @@ int main(int argc, char* argv[])
 return 1;
 }
 int ret = 0;
- if ((ret = setuid(pw->pw_uid)) != 0)
- fprintf(stderr, "setuid returned %d\n", ret);
 if ((ret = setgid(pw->pw_gid)) != 0)
 fprintf(stderr, "setgid returned %d\n", ret);
+ if ((ret = setuid(pw->pw_uid)) != 0)
+ fprintf(stderr, "setuid returned %d\n", ret);
 pid_t pid = atol(argv[2]);
 int signum = atoi(argv[3]);
-- cgit v1.2.1
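Review bot: A failed `setgid` or `setuid` is only reported on stderr here, so execution carries on into the rlimit setup with the original credentials (presumably root, since the binary switches users); the terminator.c hunk has the same pattern. Both calls should stop the program on failure, e.g. `if (setgid(pw->pw_gid) != 0) { perror("setgid"); return 1; }` and the same for `setuid`. The supplementary group list is also left as inherited, so a `setgroups(0, NULL)` (or `initgroups`) ahead of `setgid` would be needed for the drop to be complete. main's body continues outside the hunk, so a later check may exist but is not visible here.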
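Review bot: `atol(argv[2])` and `atoi(argv[3])` cannot reject a non-numeric or out-of-range argument and return 0 for garbage, so `pid` and `signum` may hold values the caller never intended. If `pid` is later handed to `kill()` (that call is outside this hunk), 0 or a negative value addresses a process group or every process the target user may signal rather than a single process. Parsing with `strtol`, checking the end pointer and `errno`, and requiring a positive result would close that off, e.g. `if (end == argv[2] || *end != '\0' || v <= 0) return 1;`.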