if run as sudo drop privileges before execing qemu and spicec/spicy

author: Alon Levy <alevy@redhat.com> 2011-07-31 18:50:16 +0300
committer: Alon Levy <alevy@redhat.com> 2011-07-31 18:50:16 +0300
commit: 4b9dff808557a41f28e47952901de9130c518f15 (patch)
tree: 3d1db6608d5b5ad0c5137e78470a1aef712735f5
parent: ce8696f5a4337f08417df02c589d58f195414923 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/spice2 b/spice2
index fcde91f..6f3598f 100755
--- a/spice2
+++ b/spice2
@@ -968,6 +968,12 @@ def main():
         return
     ignore_ctrlc()
     exit_on_hup()
+    # At this point drop privileges before executing any process. Networking and
+    # anything else requiring super-user privileges should have already been done.
+    if os.getuid() == 0:
+        print "dropping super user privileges"
+        os.setuid(args.uid)
+        os.setgid(args.gid)
     test_process = start_process(args=cmdline, show_output=True)
     if args.xephyr:
         display = xephyr_get_display()
author	Alon Levy <alevy@redhat.com>	2011-07-31 18:50:16 +0300
committer	Alon Levy <alevy@redhat.com>	2011-07-31 18:50:16 +0300
commit	4b9dff808557a41f28e47952901de9130c518f15 (patch)
tree	3d1db6608d5b5ad0c5137e78470a1aef712735f5
parent	ce8696f5a4337f08417df02c589d58f195414923 (diff)