From 7b909ed005b5fd9667cb85ddf83deb4e28431933 Mon Sep 17 00:00:00 2001
From: Ravin Perera <33562092+ravinsp@users.noreply.github.com>
Date: Thu, 15 Jul 2021 09:26:20 +0530
Subject: [PATCH] Perform contract setuid just before execv. (#332)

---
 src/sc/sc.cpp | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/src/sc/sc.cpp b/src/sc/sc.cpp
index 5343a819..1f30dc47 100644
--- a/src/sc/sc.cpp
+++ b/src/sc/sc.cpp
@@ -168,13 +168,6 @@ namespace sc
 
             // Set up the process environment and overlay the contract binary program with execv().
 
-            // Set user execution user/group if specified (Must set gid before setting uid).
-            if (!conf::cfg.contract.run_as.empty() && (setgid(conf::cfg.contract.run_as.gid) == -1 || setuid(conf::cfg.contract.run_as.uid) == -1))
-            {
-                std::cerr << errno << ": Contract process setgid/uid failed." << (ctx.args.readonly ? " (rdonly)" : "") << "\n";
-                exit(1);
-            }
-
             if (create_contract_log_files(ctx) == -1)
             {
                 std::cerr << errno << ": Contract process output redirection failed." << (ctx.args.readonly ? " (rdonly)" : "") << "\n";
@@ -222,6 +215,14 @@ namespace sc
                 exit(1);
             }
 
+            // Just before we execv the contract binary, we set user execution user/group if specified in hp config.
+            // (Must set gid before setting uid)
+            if (!conf::cfg.contract.run_as.empty() && (setgid(conf::cfg.contract.run_as.gid) == -1 || setuid(conf::cfg.contract.run_as.uid) == -1))
+            {
+                std::cerr << errno << ": Contract process setgid/uid failed." << (ctx.args.readonly ? " (rdonly)" : "") << "\n";
+                exit(1);
+            }
+
             execv(execv_args[0], execv_args);
             std::cerr << errno << ": Contract process execv failed." << (ctx.args.readonly ? " (rdonly)" : "") << "\n";
             exit(1);