From a3a917cc2947822abd09f57bbabe4620f2b4271c Mon Sep 17 00:00:00 2001
From: Adam Sutton <dev@adamsutton.me.uk>
Date: Wed, 31 Oct 2012 13:17:07 +0000
Subject: [PATCH] Ref #1352 - check return value of setuid/setgid calls.

Also slightly changed the logic so its possible to fork as non-root, though
you must explicitly list your username and group with -u and -g as I do not
want to break built in defaults for compatibility.
---
 src/main.c | 48 ++++++++++++++++++++++++++++++++++--------------
 1 file changed, 34 insertions(+), 14 deletions(-)

diff --git a/src/main.c b/src/main.c
index 4fe455cd8..580a151cf 100644
--- a/src/main.c
+++ b/src/main.c
@@ -270,6 +270,8 @@ main(int argc, char **argv)
   int crash = 0;
   webui_port = 9981;
   htsp_port = 9982;
+  gid_t gid;
+  uid_t uid;
 
   /* Get current directory */
   tvheadend_cwd = dirname(dirname(tvh_strdupa(argv[0])));
@@ -354,34 +356,52 @@ main(int argc, char **argv)
 
   signal(SIGPIPE, handle_sigpipe);
 
+  log_stderr   = 1;
+  log_decorate = isatty(2);
+
   if(forkaway) {
     grp  = getgrnam(groupnam ?: "video");
     pw   = usernam ? getpwnam(usernam) : NULL;
 
-    if(daemon(0, 0)) {
-      exit(2);
-    }
     pidfile = fopen(pidpath, "w+");
-    if(pidfile != NULL) {
-      fprintf(pidfile, "%d\n", getpid());
-      fclose(pidfile);
-    }
 
     if(grp != NULL) {
-      setgid(grp->gr_gid);
+      gid = grp->gr_gid;
     } else {
-      setgid(1);
+      gid = 1;
     }
 
     if (pw != NULL) {
-      gid_t glist[10];
-      int gnum = get_user_groups(pw, glist, 10);
-      setgroups(gnum, glist);
-      setuid(pw->pw_uid);
+      if (getuid() != pw->pw_uid) {
+        gid_t glist[10];
+        int gnum;
+        gnum = get_user_groups(pw, glist, 10);
+        if (setgroups(gnum, glist)) {
+          tvhlog(LOG_ALERT, "START", "setgroups() failed, do you have permission?");
+          return 1;
+        }
+      }
+      uid     = pw->pw_uid;
       homedir = pw->pw_dir;
       setenv("HOME", homedir, 1);
     } else {
-      setuid(1);
+      uid = 1;
+    }
+    if ((getgid() != gid) && setgid(gid)) {
+      tvhlog(LOG_ALERT, "START", "setgid() failed, do you have permission?");
+      return 1;
+    }
+    if ((getuid() != uid) && setuid(uid)) {
+      tvhlog(LOG_ALERT, "START", "setuid() failed, do you have permission?");
+      return 1;
+    }
+
+    if(daemon(0, 0)) {
+      exit(2);
+    }
+    if(pidfile != NULL) {
+      fprintf(pidfile, "%d\n", getpid());
+      fclose(pidfile);
     }
 
     umask(0);
-- 
2.47.2