From: Pieter Lexis
Date: Mon, 13 May 2019 15:45:37 +0000 (+0200)
Subject: dnsdist: only drop uid/gid when needed
X-Git-Tag: auth-4.3.0-beta2~34^2~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a65aec1f3864e4e0da1223392e014081b66cc2f7;p=thirdparty%2Fpdns.git
dnsdist: only drop uid/gid when needed
---
diff --git a/pdns/dnsdist.cc b/pdns/dnsdist.cc
index deea14b769..98d646d54f 100644
--- a/pdns/dnsdist.cc
+++ b/pdns/dnsdist.cc
@@ -2650,8 +2650,8 @@ try
 }
 #endif
- uid_t newgid=0;
- gid_t newuid=0;
+ uid_t newgid=getegid();
+ gid_t newuid=geteuid();
 if(!g_cmdLine.gid.empty())
 newgid = strToGID(g_cmdLine.gid.c_str());
@@ -2659,8 +2659,11 @@ try
 if(!g_cmdLine.uid.empty())
 newuid = strToUID(g_cmdLine.uid.c_str());
- dropGroupPrivs(newgid);
- dropUserPrivs(newuid);
+ if (getegid() != newgid)
+ dropGroupPrivs(newgid);
+ if (geteuid() != newuid)
+ dropUserPrivs(newuid);
+
 try {
 /* we might still have capabilities remaining, for example if we have been started as root
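Review bot: The two declarations in the first hunk still have their types crossed: `uid_t newgid=getegid();` stores a group id in a `uid_t` and `gid_t newuid=geteuid();` stores a user id in a `gid_t`. Since these lines are being rewritten anyway, they should read `gid_t newgid = getegid();` and `uid_t newuid = geteuid();`. Where the two typedefs share a width this is harmless, but the mismatch can hide conversion warnings in code that decides which identity the daemon runs as. The enclosing try block starts and ends outside the hunk.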
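Review bot: The new guards around `dropGroupPrivs(newgid)` and `dropUserPrivs(newuid)` in the second hunk compare only the effective ids, so the drop is skipped whenever `getegid()`/`geteuid()` already equal the target, even if the real or saved id still differs. If the helpers (defined outside this diff) also reset the real/saved ids or the supplementary groups, that work is now silently skipped in this case. Checking the real ids as well would narrow the gap, e.g. `if (getegid() != newgid || getgid() != newgid)` and `if (geteuid() != newuid || getuid() != newuid)`. A short comment such as `/* skip the set*id calls when already running as the target, so an unprivileged start does not fail */` would record why the guard exists; that motivation is inferred from the commit title and should be confirmed. The enclosing try block starts and ends outside the hunk.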