From 71fccca961f6ebaba4398cde0bc0e915ce0c6c3d Mon Sep 17 00:00:00 2001
From: richard <richard@72102866-910b-0410-8b05-ffd578937521>
Date: Sat, 18 Mar 2000 17:29:32 +0000
Subject: [PATCH] More security stuff.

git-svn-id: svn+ssh://svn.gna.org/svn/gnustep/libs/base/trunk@6322 72102866-910b-0410-8b05-ffd578937521
---
 Tools/gdomap.c | 32 +++++++++++++++++++-------------
 1 file changed, 19 insertions(+), 13 deletions(-)

diff --git a/Tools/gdomap.c b/Tools/gdomap.c
index 34522ef89..9c4405764 100644
--- a/Tools/gdomap.c
+++ b/Tools/gdomap.c
@@ -1173,19 +1173,6 @@ init_ports()
       exit(1);
     }
 
-  /*
-   * Try to become a 'safe' user now that we have
-   * done everything that needs root priv.
-   */ 
-  if (getuid () != 0)
-    {
-      setuid (getuid ());
-    }
-  else
-    {
-      setuid (-1);
-    }
-
   /*
    *	Set up masks to say we are interested in these descriptors.
    */
@@ -3328,6 +3315,25 @@ printf(
 	}
     }
   init_ports();	/* Create ports to handle requests.	*/
+
+  /*
+   * Try to become a 'safe' user now that we have
+   * done everything that needs root priv.
+   */ 
+  if (getuid () != 0)
+    {
+      setuid (getuid ());
+    }
+  else
+    {
+      setuid (-1);
+    }
+  /*
+   * As another level of paranoia - restrict this process to /tmp
+   */
+  chdir("/tmp");
+  chroot("/tmp");
+
   init_probe();	/* Probe other name servers on net.	*/
 
   if (debug)