From 44985407bb4171397d80e47e7763b832721c4220 Mon Sep 17 00:00:00 2001
From: James Petersen <m@jamespetersen.ca>
Date: Fri, 11 Aug 2023 03:55:17 -0300
Subject: [PATCH 1/2] Change `setuid` Calls to `setreuid`, and the Same for
 `setgid`.

As described in section 8.1 of https://people.eecs.berkeley.edu/~daw/papers/setuid-usenix02.pdf,
setuid should be avoided because of its inconsistent implementation across different unix systems. Instead,
setreuid should be used, as it is more consistent across systems.
---
 daemonize/src/lib.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/daemonize/src/lib.rs b/daemonize/src/lib.rs
index 4f0f758c..1caebd04 100644
--- a/daemonize/src/lib.rs
+++ b/daemonize/src/lib.rs
@@ -354,7 +354,7 @@ impl<T> Daemonize<T> {
                 Ok(Some(first_child_pid)) => {
                     Outcome::Parent(match waitpid(first_child_pid) {
                         Err(err) => Err(err.into()),
-                        Ok(first_child_exit_code) => Ok(Parent { first_child_exit_code: first_child_exit_code as i32 }),
+                        Ok(first_child_exit_code) => Ok(Parent { first_child_exit_code }),
                     })
                 },
                 Err(err) => Outcome::Parent(Err(err.into())),
@@ -498,7 +498,7 @@ unsafe fn get_group(group: Group) -> Result<libc::gid_t, ErrorKind> {
 }
 
 unsafe fn set_group(group: libc::gid_t) -> Result<(), ErrorKind> {
-    check_err(libc::setgid(group), ErrorKind::SetGroup)?;
+    check_err(libc::setregid(group, group), ErrorKind::SetGroup)?;
     Ok(())
 }
 
@@ -516,7 +516,7 @@ unsafe fn get_user(user: User) -> Result<libc::uid_t, ErrorKind> {
 }
 
 unsafe fn set_user(user: libc::uid_t) -> Result<(), ErrorKind> {
-    check_err(libc::setuid(user), ErrorKind::SetUser)?;
+    check_err(libc::setreuid(user, user), ErrorKind::SetUser)?;
     Ok(())
 }
 

From 35522cbbafd7104e26500f0cf66c2b58a121f18a Mon Sep 17 00:00:00 2001
From: James Petersen <m@jamespetersen.ca>
Date: Sat, 12 Aug 2023 01:43:49 -0300
Subject: [PATCH 2/2] Restore Integer Cast on waitpid Return Value

Add a clippy allow statement and a comment to indicate why the cast is there.
---
 daemonize/src/lib.rs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/daemonize/src/lib.rs b/daemonize/src/lib.rs
index 1caebd04..60489a3d 100644
--- a/daemonize/src/lib.rs
+++ b/daemonize/src/lib.rs
@@ -354,7 +354,9 @@ impl<T> Daemonize<T> {
                 Ok(Some(first_child_pid)) => {
                     Outcome::Parent(match waitpid(first_child_pid) {
                         Err(err) => Err(err.into()),
-                        Ok(first_child_exit_code) => Ok(Parent { first_child_exit_code }),
+                        // return value of `waitpid` may not be i32 on all platforms.
+                        #[allow(clippy::unnecessary_cast)]
+                        Ok(first_child_exit_code) => Ok(Parent { first_child_exit_code: first_child_exit_code as i32 }),
                     })
                 },
                 Err(err) => Outcome::Parent(Err(err.into())),