diff options
author | Nikias Bassen | 2009-04-17 17:43:59 +0200 |
---|---|---|
committer | Nikias Bassen | 2009-04-17 17:43:59 +0200 |
commit | d54c5f4f0d87f76cf2a11fd88ec18cdbd67edaa2 (patch) | |
tree | d66cdea31d3b020cfe2d859f8e21941095459973 /main.c | |
parent | 8743112105e2f5d1539a266f9e174c9895c7c2c5 (diff) | |
download | usbmuxd-d54c5f4f0d87f76cf2a11fd88ec18cdbd67edaa2.tar.gz usbmuxd-d54c5f4f0d87f76cf2a11fd88ec18cdbd67edaa2.tar.bz2 |
Drop privileges after startup
Diffstat (limited to 'main.c')
-rw-r--r-- | main.c | 25 |
1 files changed, 23 insertions, 2 deletions
@@ -37,6 +37,7 @@ #include <pthread.h> #include <stdint.h> #include <usb.h> +#include <pwd.h> #include "usbmuxd-proto.h" #include "sock_stuff.h" @@ -1018,7 +1019,27 @@ int main(int argc, char **argv) lock.l_whence = SEEK_SET; lock.l_start = 0; lock.l_len = 0; - fcntl(fileno(lfd), F_SETLK, &lock); + if (fcntl(fileno(lfd), F_SETLK, &lock) == -1) { + logmsg(LOG_ERR, "ERROR: lockfile locking failed!"); + } + } + + // drop elevated privileges + if (getuid() == 0 || geteuid() == 0) { + struct passwd *pw = getpwnam("nobody"); + if (pw) { + setuid(pw->pw_uid); + } else { + logmsg(LOG_ERR, "ERROR: Dropping privileges failed, check if user 'nobody' exists! Will now terminate."); + exit(EXIT_FAILURE); + } + + // security check + if (setuid(0) != -1) { + logmsg(LOG_ERR, "ERROR: Failed to drop privileges properly!"); + exit(EXIT_FAILURE); + } + if (verbose >= 2) logmsg(LOG_NOTICE, "Successfully dropped privileges"); } // Reserve space for 10 clients which should be enough. If not, the @@ -1137,7 +1158,7 @@ int main(int argc, char **argv) // unlock lock file and close it. if (lfd) { lock.l_type = F_UNLCK; - fcntl(fileno(lfd), F_SETLK, lock); + fcntl(fileno(lfd), F_SETLK, &lock); fclose(lfd); } |