1 files changed, 6 insertions, 5 deletions
diff --git a/src/firejail/main.c b/src/firejail/main.c
index e02554c5e..a9af46b6f 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -866,11 +866,12 @@ static void run_builder(int argc, char **argv) {
        (void) argc;
        // drop privileges
-        EUID_ROOT();
+        gid_t gid = getgid();
-        if (setgid(getgid()) < 0)
+        uid_t uid = getuid();
-                errExit("setgid/getgid");
+        if (setresgid(gid, gid, gid) != 0)
-        if (setuid(getuid()) < 0)
+                errExit("setresgid");
-                errExit("setuid/getuid");
+        if (setresuid(uid, uid, uid) != 0)
+                errExit("setresuid");
        assert(getenv("LD_PRELOAD") == NULL);
        umask(orig_umask);

diff --git a/src/firejail/main.c b/src/firejail/main.c index e02554c5e..a9af46b6f 100644 --- a/src/firejail/main.c +++ b/src/firejail/main.c
@@ -866,11 +866,12 @@ static void run_builder(int argc, char **argv) {
866	(void) argc;	866	(void) argc;
867		867
868	// drop privileges	868	// drop privileges
869	EUID_ROOT();	869	gid_t gid = getgid();
870	if (setgid(getgid()) < 0)	870	uid_t uid = getuid();
871	errExit("setgid/getgid");	871	if (setresgid(gid, gid, gid) != 0)
872	if (setuid(getuid()) < 0)	872	errExit("setresgid");
873	errExit("setuid/getuid");	873	if (setresuid(uid, uid, uid) != 0)
		874	errExit("setresuid");
874		875
875	assert(getenv("LD_PRELOAD") == NULL);	876	assert(getenv("LD_PRELOAD") == NULL);
876	umask(orig_umask);	877	umask(orig_umask);