| author | 2009-08-16 19:20:48 +0200 | |
|---|---|---|
| committer | 2009-08-16 21:50:53 +0200 | |
| commit | cb7845397842fb813bae9aa2f9d10b75e04ce8e6 (patch) | |
| tree | b1bc9e594370d0ea3211699801bba93a0f1c1ff5 /usbmuxd | |
| parent | a63578e2d71ae304f6f405b5bb491547f43b79ac (diff) | |
Added option to drop privileges after startup.
Diffstat (limited to 'usbmuxd')
| -rw-r--r-- | usbmuxd/main.c | 32 | 
1 files changed, 30 insertions, 2 deletions
| diff --git a/usbmuxd/main.c b/usbmuxd/main.c index 3318ecd..ea332a4 100644 --- a/usbmuxd/main.c +++ b/usbmuxd/main.c @@ -34,6 +34,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  #include <sys/un.h>  #include <sys/stat.h>  #include <getopt.h> +#include <pwd.h>  #include "log.h"  #include "usb.h" @@ -47,6 +48,7 @@ struct sigaction sa_old;  static int verbose = 0;  static int foreground = 0; +static int drop_privileges = 0;  int create_socket(void) {  	struct sockaddr_un bind_addr; @@ -222,6 +224,7 @@ static void usage()  	printf("\t-h|--help                 Print this message.\n");  	printf("\t-v|--verbose              Be verbose (use twice or more to increase).\n");  	printf("\t-f|--foreground           Do not daemonize (implies a verbosity of 4).\n"); +	printf("\t-d|--drop-privileges      Drop privileges after startup.\n");  	printf("\n");  } @@ -231,12 +234,13 @@ static void parse_opts(int argc, char **argv)  		{"help", 0, NULL, 'h'},  		{"foreground", 0, NULL, 'f'},  		{"verbose", 0, NULL, 'v'}, +		{"drop-privileges", 0, NULL, 'd'},  		{NULL, 0, NULL, 0}  	};  	int c;  	while (1) { -		c = getopt_long(argc, argv, "hfv", longopts, (int *) 0); +		c = getopt_long(argc, argv, "hfvd", longopts, (int *) 0);  		if (c == -1) {  			break;  		} @@ -251,6 +255,9 @@ static void parse_opts(int argc, char **argv)  		case 'v':  			++verbose;  			break; +		case 'd': +			drop_privileges = 1; +			break;  		default:  			usage();  			exit(2); 
@@ -304,7 +311,28 @@ int main(int argc, char *argv[])
 			exit(EXIT_FAILURE);
 		}
 	}
-	
+
+	// drop elevated privileges
+	if (drop_privileges && (getuid() == 0 || geteuid() == 0)) {
+		struct passwd *pw = getpwnam("nobody");
+		if (pw) {
+			setuid(pw->pw_uid);
+		} else {
+			usbmuxd_log(LL_ERROR,
+				   "ERROR: Dropping privileges failed, check if user 'nobody' exists! Will now terminate.");
+			log_disable_syslog();
+			exit(EXIT_FAILURE);
+		}
+
+		// security check
+		if (setuid(0) != -1) {
+			usbmuxd_log(LL_ERROR, "ERROR: Failed to drop privileges properly!");
+			log_disable_syslog();
+			exit(EXIT_FAILURE);
+		}
+		usbmuxd_log(LL_NOTICE, "Successfully dropped privileges");
+	}
+
 	res = main_loop(listenfd);
 	if(res < 0)
 		usbmuxd_log(LL_FATAL, "main_loop failed"); |
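Review bot: The privilege drop in main() changes only the user ID: `setuid(pw->pw_uid)` is called without `setgid()` or `setgroups()`/`initgroups()`, so with `-d` the daemon would keep running with root's primary and supplementary groups and whatever group-based file access they grant. The group IDs have to be changed first, while the process is still root, e.g. `if (initgroups(pw->pw_name, pw->pw_gid) < 0 || setgid(pw->pw_gid) < 0 || setuid(pw->pw_uid) < 0)` leading into the existing log-and-exit path (`initgroups` needs `<grp.h>`). The later `setuid(0) != -1` check catches a failed `setuid` but says nothing about groups; a matching `setgid(0) != -1` test would cover that. main() starts and ends outside this hunk, so whether the socket and USB handles opened earlier stay usable as 'nobody' cannot be judged from here.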
