Diffstat (limited to 'daemon/main.c')
| -rw-r--r-- | daemon/main.c | 51 |
1 files changed, 27 insertions, 24 deletions
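--- a/daemon/main.c
+++ b/daemon/main.c
@@ -525,32 +525,35 @@ int main(int argc, char *argv[])
 res = -1;
 goto terminate;
 }
+if (pw->pw_uid == 0) {
+usbmuxd_log(LL_INFO, "Not dropping privileges to root");
+} else {
+if ((res = initgroups(drop_user, pw->pw_gid)) < 0) {
+usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set supplementary groups)");
+goto terminate;
+}
+if ((res = setgid(pw->pw_gid)) < 0) {
+usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set group ID to %d)", pw->pw_gid);
+goto terminate;
+}
+if ((res = setuid(pw->pw_uid)) < 0) {
+usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set user ID to %d)", pw->pw_uid);
+goto terminate;
+}
 
-if ((res = initgroups(drop_user, pw->pw_gid)) < 0) {
-usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set supplementary groups)");
-goto terminate;
-}
-if ((res = setgid(pw->pw_gid)) < 0) {
-usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set group ID to %d)", pw->pw_gid);
-goto terminate;
-}
-if ((res = setuid(pw->pw_uid)) < 0) {
-usbmuxd_log(LL_FATAL, "Failed to drop privileges (cannot set user ID to %d)", pw->pw_uid);
-goto terminate;
-}
-
-// security check
-if (setuid(0) != -1) {
-usbmuxd_log(LL_FATAL, "Failed to drop privileges properly!");
-res = -1;
-goto terminate;
-}
-if (getuid() != pw->pw_uid || getgid() != pw->pw_gid) {
-usbmuxd_log(LL_FATAL, "Failed to drop privileges properly!");
-res = -1;
-goto terminate;
+// security check
+if (setuid(0) != -1) {
+usbmuxd_log(LL_FATAL, "Failed to drop privileges properly!");
+res = -1;
+goto terminate;
+}
+if (getuid() != pw->pw_uid || getgid() != pw->pw_gid) {
+usbmuxd_log(LL_FATAL, "Failed to drop privileges properly!");
+res = -1;
+goto terminate;
+}
+usbmuxd_log(LL_NOTICE, "Successfully dropped privileges to '%s'", drop_user);
 }
-usbmuxd_log(LL_NOTICE, "Successfully dropped privileges to '%s'", drop_user);
 }
 
 client_init();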
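Review bot: The new `pw->pw_uid == 0` branch leaves the daemon running with full privileges and reports it only at `LL_INFO`, which appears to be a more verbose level than the `LL_NOTICE` used for a successful drop, so at some verbosity settings an operator would see no trace that the drop was skipped. Logging it at least as prominently and naming the account, e.g. `usbmuxd_log(LL_WARNING, "Not dropping privileges: user '%s' has UID 0", drop_user);`, would make a misconfigured drop user visible. The branch also tests only the UID, so an account with UID 0 and a non-zero `pw_gid` skips `initgroups()` and `setgid()` as well; if that is intended, a short comment such as `// uid 0: nothing to drop, keep current groups` would record it. The enclosing block in main() starts above this hunk, so how `drop_user` and `pw` are obtained is not visible here.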
