safely drop privs

This commit is contained in:
Florian Obser 2020-12-04 19:39:16 +01:00
parent 8d69d84784
commit 75cf996cec
1 changed files with 7 additions and 1 deletions

8
main.c
View File

@ -48,8 +48,14 @@ drop_privileges(const char *user, const char *path)
syslog(LOG_DAEMON, "the path %s can't be used for chroot", path);
err(1, "chroot");
}
if (chdir("/") == -1) {
syslog(LOG_DAEMON, "failed to chdir(\"/\")");
err(1, "chdir");
}
/* drop privileges */
if (setuid(pw->pw_uid) != 0) {
if (setgroups(1, &pw->pw_gid) ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)) {
syslog(LOG_DAEMON, "dropping privileges to user %s (uid=%i) failed",
user, pw->pw_uid);
err(1, "Can't drop privileges");