From 543d65c6ab767a53844c28d9e887440dec90da1c Mon Sep 17 00:00:00 2001
From: Hisham Muhammad <hisham@gobolinux.org>
Date: Wed, 26 Jul 2017 15:40:55 -0300
Subject: Security review: make privilege dropping-restoring optional.

This is/was necessary only on macOS, because you needed root in order
to read the process list. This was never necessary on Linux, and
it also raises security concerns, so now it needs to be enabled
explicitly at build time.
---
 TraceScreen.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'TraceScreen.c')

diff --git a/TraceScreen.c b/TraceScreen.c
index 6bb2e041..318b9091 100644
--- a/TraceScreen.c
+++ b/TraceScreen.c
@@ -96,7 +96,7 @@ bool TraceScreen_forkTracer(TraceScreen* this) {
    this->child = fork();
    if (this->child == -1) return false;
    if (this->child == 0) {
-      (void) seteuid(getuid());
+      CRT_dropPrivileges();
       dup2(this->fdpair[1], STDERR_FILENO);
       int ok = fcntl(this->fdpair[1], F_SETFL, O_NONBLOCK);
       if (ok != -1) {
-- 
cgit v1.2.3