shrpx: drop root priviledgs after loading private key

examples/shrpx.cc

@@ -202,6 +202,26 @@ evconnlistener* create_evlistener(ListenHandler *handler, int family)
 }
 } // namespace
 
+namespace {
+void drop_privileges()
+{
+  if(getuid() == 0 && get_config()->uid != 0) {
+    if(setgid(get_config()->gid) != 0) {
+      LOG(FATAL) << "Could not change gid: " << strerror(errno);
+      exit(EXIT_FAILURE);
+    }
+    if(setuid(get_config()->uid) != 0) {
+      LOG(FATAL) << "Could not change uid: " << strerror(errno);
+      exit(EXIT_FAILURE);
+    }
+    if(setuid(0) != -1) {
+      LOG(FATAL) << "Still have root privileges?";
+      exit(EXIT_FAILURE);
+    }
+  }
+}
+} // namespace
+
 namespace {
 int event_loop()
 {
@@ -209,6 +229,10 @@ int event_loop()
 
   ListenHandler *listener_handler = new ListenHandler(evbase);
 
+  // ListenHandler loads private key. After that, we drop the root
+  // privileges if needed.
+  drop_privileges();
+
   evconnlistener *evlistener6, *evlistener4;
   evlistener6 = create_evlistener(listener_handler, AF_INET6);
   evlistener4 = create_evlistener(listener_handler, AF_INET);
@@ -583,20 +607,6 @@ int main(int argc, char **argv)
   if(get_config()->pid_file) {
     save_pid();
   }
-  if(getuid() == 0 && get_config()->uid != 0) {
-    if(setgid(get_config()->gid) != 0) {
-      LOG(FATAL) << "Could not change gid: " << strerror(errno);
-      exit(EXIT_FAILURE);
-    }
-    if(setuid(get_config()->uid) != 0) {
-      LOG(FATAL) << "Could not change uid: " << strerror(errno);
-      exit(EXIT_FAILURE);
-    }
-    if(setuid(0) != -1) {
-      LOG(FATAL) << "Still have root privileges?";
-      exit(EXIT_FAILURE);
-    }
-  }
 
   struct sigaction act;
   memset(&act, 0, sizeof(struct sigaction));