From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 16 Feb 2017 15:59:22 +0000 (-0500)
Subject: suid down after fchown.  Fixes #1914
X-Git-Tag: release_3_0_13~27
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a408998ab22c4e3e443e53bdf07eff4986f26132;p=thirdparty%2Ffreeradius-server.git

suid down after fchown.  Fixes #1914
---

diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
index 43bc2b1365c..938a47ae2ec 100644
--- a/src/main/mainconfig.c
+++ b/src/main/mainconfig.c
@@ -642,15 +642,6 @@ static int switch_users(CONF_SECTION *cs)
 		talloc_free(my_dir);
 	}
 
-	/*
-	 *	Once we're done with all of the privileged work,
-	 *	permanently change the UID.
-	 */
-	if (do_suid) {
-		rad_suid_set_down_uid(server_uid);
-		rad_suid_down();
-	}
-
 	/*
 	 *	If we don't already have a log file open, open one
 	 *	now.  We may not have been logging anything yet.  The
@@ -684,6 +675,15 @@ static int switch_users(CONF_SECTION *cs)
 		}
 	}
 
+	/*
+	 *	Once we're done with all of the privileged work,
+	 *	permanently change the UID.
+	 */
+	if (do_suid) {
+		rad_suid_set_down_uid(server_uid);
+		rad_suid_down();
+	}
+
 	/*
 	 *	This also clears the dumpable flag if core dumps
 	 *	aren't allowed.