From bc79d95bca23b52415b2dae5e080d6a1c7bd793b Mon Sep 17 00:00:00 2001
From: Lukas Zumvorde <lukaszumvorde@web.de>
Date: Fri, 7 Aug 2020 18:04:31 +0200
Subject: [PATCH] drop permissions

---
 dwl.c | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)

diff --git a/dwl.c b/dwl.c
index fbdfbe0..43e6190 100644
--- a/dwl.c
+++ b/dwl.c
@@ -671,6 +671,25 @@ dirtomon(int dir)
 	}
 }
 
+static bool drop_permissions(void) {
+	if (getuid() != geteuid() || getgid() != getegid()) {
+		// Set the gid and uid in the correct order.
+		if (setgid(getgid()) != 0) {
+			fprintf(stderr, "Unable to drop root group, refusing to start\n");
+			return false;
+		}
+		if (setuid(getuid()) != 0) {
+			fprintf(stderr, "Unable to drop root user, refusing to start\n");
+			return false;
+		}
+	}
+	if (setgid(0) != -1 || setuid(0) != -1) {
+		fprintf(stderr, "Unable to drop root, refusing to start\n");
+		return false;
+	}
+	return true;
+}
+
 void
 focusclient(Client *old, Client *c, int lift)
 {
@@ -1846,6 +1865,10 @@ main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
+	if (!drop_permissions()) {
+		exit(EXIT_FAILURE);
+	}
+
 	/* The Wayland display is managed by libwayland. It handles accepting
 	 * clients from the Unix socket, manging Wayland globals, and so on. */
 	dpy = wl_display_create();