4 files changed, 32 insertions, 30 deletions

diff --git a/src/firejail/main.c b/src/firejail/main.c
index e02554c5e..a9af46b6f 100644
--- a/src/firejail/main.c
+++ b/src/firejail/main.c
@@ -866,11 +866,12 @@ static void run_builder(int argc, char **argv) {
         (void) argc;
 
         // drop privileges
-        EUID_ROOT();
-        if (setgid(getgid()) < 0)
-                errExit("setgid/getgid");
-        if (setuid(getuid()) < 0)
-                errExit("setuid/getuid");
+        gid_t gid = getgid();
+        uid_t uid = getuid();
+        if (setresgid(gid, gid, gid) != 0)
+                errExit("setresgid");
+        if (setresuid(uid, uid, uid) != 0)
+                errExit("setresuid");
 
         assert(getenv("LD_PRELOAD") == NULL);
         umask(orig_umask);
diff --git a/src/firejail/no_sandbox.c b/src/firejail/no_sandbox.c
index 9ad4e8ba1..096f34cc5 100644
--- a/src/firejail/no_sandbox.c
+++ b/src/firejail/no_sandbox.c
@@ -161,32 +161,31 @@ int check_kernel_procs(void) {
 
 void run_no_sandbox(int argc, char **argv) {
         EUID_ASSERT();
+        // drop privileges
+        gid_t gid = getgid();
+        uid_t uid = getuid();
+        if (setresgid(gid, gid, gid) != 0)
+                errExit("setresgid");
+        if (setresuid(uid, uid, uid) != 0)
+                errExit("setresuid");
 
         // process limited subset of options
         int i;
         for (i = 0; i < argc; i++) {
                 if (strcmp(argv[i], "--debug") == 0)
                         arg_debug = 1;
-                else if (strcmp(argv[i], "--shell=none") == 0 ||
-                    strncmp(argv[i], "--shell=", 8) == 0)
+                else if (strncmp(argv[i], "--shell=", 8) == 0)
                         fwarning("shell-related command line options are disregarded - using SHELL environment variable\n");
         }
 
-        // use $SHELL to get shell used in sandbox
-        char *shell =  getenv("SHELL");
-        if (shell && access(shell, R_OK) == 0)
-                cfg.shell = shell;
-
-        // guess shell otherwise
-        if (!cfg.shell) {
-                cfg.shell = guess_shell();
-                if (arg_debug)
-                        printf("Autoselecting %s as shell\n", cfg.shell);
-        }
+        // use $SHELL to get shell used in sandbox, guess shell otherwise
+        cfg.shell = guess_shell();
         if (!cfg.shell) {
                 fprintf(stderr, "Error: unable to guess your shell, please set SHELL environment variable\n");
                 exit(1);
         }
+        else if (arg_debug)
+                printf("Selecting %s as shell\n", cfg.shell);
 
         int prog_index = 0;
         // find first non option arg:
diff --git a/src/firejail/run_symlink.c b/src/firejail/run_symlink.c
index ee62bba32..e10f90850 100644
--- a/src/firejail/run_symlink.c
+++ b/src/firejail/run_symlink.c
@@ -34,11 +34,12 @@ void run_symlink(int argc, char **argv, int run_as_is) {
                 return;
 
         // drop privileges
-        EUID_ROOT();
-        if (setgid(getgid()) < 0)
-                errExit("setgid/getgid");
-        if (setuid(getuid()) < 0)
-                errExit("setuid/getuid");
+        gid_t gid = getgid();
+        uid_t uid = getuid();
+        if (setresgid(gid, gid, gid) != 0)
+                errExit("setresgid");
+        if (setresuid(uid, uid, uid) != 0)
+                errExit("setresuid");
 
         // find the real program by looking in PATH
         char *p = getenv("PATH");
@@ -94,7 +95,7 @@ void run_symlink(int argc, char **argv, int run_as_is) {
         umask(orig_umask);
 
         // desktop integration is not supported for root user; instead, the original program is started
-        if (getuid() == 0 || run_as_is) {
+        if (uid == 0 || run_as_is) {
                 argv[0] = program;
                 execv(program, argv);
                 exit(1);
diff --git a/src/firejail/util.c b/src/firejail/util.c
index dd298a31a..52f0f89c5 100644
--- a/src/firejail/util.c
+++ b/src/firejail/util.c
@@ -119,12 +119,13 @@ clean_all:
 // drop privileges
 // - for root group or if nogroups is set, supplementary groups are not configured
 void drop_privs(int nogroups) {
-        EUID_ROOT();
         gid_t gid = getgid();
+        uid_t uid = getuid();
         if (arg_debug)
-                printf("Drop privileges: pid %d, uid %d, gid %d, nogroups %d\n",  getpid(), getuid(), gid, nogroups);
+                printf("Drop privileges: pid %d, uid %d, gid %d, nogroups %d\n",  getpid(), uid, gid, nogroups);
 
         // configure supplementary groups
+        EUID_ROOT();
         if (gid == 0 || nogroups) {
                 if (setgroups(0, NULL) < 0)
                         errExit("setgroups");
@@ -135,10 +136,10 @@ void drop_privs(int nogroups) {
                 clean_supplementary_groups(gid);
 
         // set uid/gid
-        if (setgid(getgid()) < 0)
-                errExit("setgid/getgid");
-        if (setuid(getuid()) < 0)
-                errExit("setuid/getuid");
+        if (setresgid(gid, gid, gid) != 0)
+                errExit("setresgid");
+        if (setresuid(uid, uid, uid) != 0)
+                errExit("setresuid");
 }