hardening: replace setuid/setgid calls with setresuid/setresgid

when nesting containers and sandboxes, it is possible setuid() fails
silently to reset the saved uid, which is then cleared only by
the next execve. This is solved by replacing setuid() with more
robust setresuid() function calls.

Also add code to drop privileges when entering the run_no_sandbox()
function (along with some minor tidy up).

0 files changed, 0 insertions, 0 deletions