safely drop privs
This commit is contained in:
Florian Obser
parent
8d69d84784
commit
75cf996cec
1 changed files with 7 additions and 1 deletions
8
main.c
8
main.c
|
|
@ -48,8 +48,14 @@ drop_privileges(const char *user, const char *path)
|
||||||
syslog(LOG_DAEMON, "the path %s can't be used for chroot", path);
|
syslog(LOG_DAEMON, "the path %s can't be used for chroot", path);
|
||||||
err(1, "chroot");
|
err(1, "chroot");
|
||||||
}
|
}
|
||||||
|
if (chdir("/") == -1) {
|
||||||
|
syslog(LOG_DAEMON, "failed to chdir(\"/\")");
|
||||||
|
err(1, "chdir");
|
||||||
|
}
|
||||||
/* drop privileges */
|
/* drop privileges */
|
||||||
if (setuid(pw->pw_uid) != 0) {
|
if (setgroups(1, &pw->pw_gid) ||
|
||||||
|
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
|
||||||
|
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
|
||||||
syslog(LOG_DAEMON, "dropping privileges to user %s (uid=%i) failed",
|
syslog(LOG_DAEMON, "dropping privileges to user %s (uid=%i) failed",
|
||||||
user, pw->pw_uid);
|
user, pw->pw_uid);
|
||||||
err(1, "Can't drop privileges");
|
err(1, "Can't drop privileges");
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue