minor enhancement: added robustness for setres[gu]id function calls

1 files changed, 3 insertions, 5 deletions

diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c
index e10f90850..a63f29322 100644
--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -34,11 +34,9 @@ void run_symlink(int argc, char **argv, int run_as_is) {
                 return;
 
         // drop privileges
-        gid_t gid = getgid();
-        uid_t uid = getuid();
-        if (setresgid(gid, gid, gid) != 0)
+        if (setresgid(-1, getgid(), getgid()) != 0)
                 errExit("setresgid");
-        if (setresuid(uid, uid, uid) != 0)
+        if (setresuid(-1, getuid(), getuid()) != 0)
                 errExit("setresuid");
 
         // find the real program by looking in PATH
@@ -95,7 +93,7 @@ void run_symlink(int argc, char **argv, int run_as_is) {
         umask(orig_umask);
 
         // desktop integration is not supported for root user; instead, the original program is started
-        if (uid == 0 || run_as_is) {
+        if (getuid() == 0 || run_as_is) {
                 argv[0] = program;
                 execv(program, argv);
                 exit(1);