From 3bdf58a455f8a0188024d0c3f0118bcb4c68fb59 Mon Sep 17 00:00:00 2001
From: emersion
Date: Wed, 16 Jan 2019 22:33:14 +0100
Subject: [PATCH] Make sure we can't restore root after setuid
---
 shadow.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/shadow.c b/shadow.c
index 7c3a5cc..a1b664b 100644
--- a/shadow.c
+++ b/shadow.c
@@ -21,7 +21,7 @@ static void clear_buffer(void *buf, size_t bytes) {
 }
 }
-void run_child(void) {
+static void run_child(void) {
 /* This code runs as root */
 struct passwd *pwent = getpwuid(getuid());
 if (!pwent) {
@@ -46,6 +46,9 @@ void run_child(void) {
 if (setuid(getuid()) != 0) {
 exit(EXIT_FAILURE);
 }
+ if (setuid(0) != -1) {
+ exit(EXIT_FAILURE);
+ }
 /* This code does not run as root */
 swaylock_log(LOG_DEBUG, "prepared to authorize user %s", pwent->pw_name);
@@ -127,6 +130,11 @@ void initialize_pw_backend(void) {
 swaylock_log_errno(LOG_ERROR, "Unable to drop root");
 exit(EXIT_FAILURE);
 }
+ if (setuid(0) != -1) {
+ swaylock_log_errno(LOG_ERROR, "Unable to drop root (we shouldn't be "
+ "able to restore it after setuid)");
+ return false;
+ }
 }
 bool attempt_password(struct swaylock_password *pw) {
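Review bot: The added `setuid(0) != -1` check in run_child (second hunk) cannot tell a failed privilege drop from a process whose real uid is already 0: there `setuid(getuid())` changes nothing, `setuid(0)` succeeds, and the child exits, and the same check in initialize_pw_backend (third hunk) then reports "Unable to drop root" to a root user. If refusing to run as real root is intended, state that in a comment and in the message; otherwise guard both checks, e.g. `if (getuid() != 0 && setuid(0) != -1) {`. Neither hunk shows the group IDs being dropped or verified, so if that is not done elsewhere in shadow.c the same drop-then-verify pattern should cover the gid before the uid is dropped. run_child's body starts and ends outside this hunk.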
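Review bot: `return false;` in the new branch of the third hunk does not stop the process: the hunk header gives the function as `void initialize_pw_backend(void)`, so returning a value is a constraint violation the compiler has to diagnose, and control goes back to the caller while root can still be restored. The branch should end the same way as the one directly above it, with `exit(EXIT_FAILURE);`. On this path setuid(0) has succeeded, so errno holds nothing relevant and `swaylock_log(LOG_ERROR, ...)` fits better than `swaylock_log_errno`. The start of initialize_pw_backend is outside the hunk.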