diff options
Diffstat (limited to 'usbmuxd')
| -rw-r--r-- | usbmuxd/main.c | 32 |
1 files changed, 30 insertions, 2 deletions
diff --git a/usbmuxd/main.c b/usbmuxd/main.c index 3318ecd..ea332a4 100644 --- a/usbmuxd/main.c +++ b/usbmuxd/main.c | |||
| @@ -34,6 +34,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA | |||
| 34 | #include <sys/un.h> | 34 | #include <sys/un.h> |
| 35 | #include <sys/stat.h> | 35 | #include <sys/stat.h> |
| 36 | #include <getopt.h> | 36 | #include <getopt.h> |
| 37 | #include <pwd.h> | ||
| 37 | 38 | ||
| 38 | #include "log.h" | 39 | #include "log.h" |
| 39 | #include "usb.h" | 40 | #include "usb.h" |
| @@ -47,6 +48,7 @@ struct sigaction sa_old; | |||
| 47 | 48 | ||
| 48 | static int verbose = 0; | 49 | static int verbose = 0; |
| 49 | static int foreground = 0; | 50 | static int foreground = 0; |
| 51 | static int drop_privileges = 0; | ||
| 50 | 52 | ||
| 51 | int create_socket(void) { | 53 | int create_socket(void) { |
| 52 | struct sockaddr_un bind_addr; | 54 | struct sockaddr_un bind_addr; |
| @@ -222,6 +224,7 @@ static void usage() | |||
| 222 | printf("\t-h|--help Print this message.\n"); | 224 | printf("\t-h|--help Print this message.\n"); |
| 223 | printf("\t-v|--verbose Be verbose (use twice or more to increase).\n"); | 225 | printf("\t-v|--verbose Be verbose (use twice or more to increase).\n"); |
| 224 | printf("\t-f|--foreground Do not daemonize (implies a verbosity of 4).\n"); | 226 | printf("\t-f|--foreground Do not daemonize (implies a verbosity of 4).\n"); |
| 227 | printf("\t-d|--drop-privileges Drop privileges after startup.\n"); | ||
| 225 | printf("\n"); | 228 | printf("\n"); |
| 226 | } | 229 | } |
| 227 | 230 | ||
| @@ -231,12 +234,13 @@ static void parse_opts(int argc, char **argv) | |||
| 231 | {"help", 0, NULL, 'h'}, | 234 | {"help", 0, NULL, 'h'}, |
| 232 | {"foreground", 0, NULL, 'f'}, | 235 | {"foreground", 0, NULL, 'f'}, |
| 233 | {"verbose", 0, NULL, 'v'}, | 236 | {"verbose", 0, NULL, 'v'}, |
| 237 | {"drop-privileges", 0, NULL, 'd'}, | ||
| 234 | {NULL, 0, NULL, 0} | 238 | {NULL, 0, NULL, 0} |
| 235 | }; | 239 | }; |
| 236 | int c; | 240 | int c; |
| 237 | 241 | ||
| 238 | while (1) { | 242 | while (1) { |
| 239 | c = getopt_long(argc, argv, "hfv", longopts, (int *) 0); | 243 | c = getopt_long(argc, argv, "hfvd", longopts, (int *) 0); |
| 240 | if (c == -1) { | 244 | if (c == -1) { |
| 241 | break; | 245 | break; |
| 242 | } | 246 | } |
| @@ -251,6 +255,9 @@ static void parse_opts(int argc, char **argv) | |||
| 251 | case 'v': | 255 | case 'v': |
| 252 | ++verbose; | 256 | ++verbose; |
| 253 | break; | 257 | break; |
| 258 | case 'd': | ||
| 259 | drop_privileges = 1; | ||
| 260 | break; | ||
| 254 | default: | 261 | default: |
| 255 | usage(); | 262 | usage(); |
| 256 | exit(2); | 263 | exit(2); |
| @@ -304,7 +311,28 @@ int main(int argc, char *argv[]) | |||
| 304 | exit(EXIT_FAILURE); | 311 | exit(EXIT_FAILURE); |
| 305 | } | 312 | } |
| 306 | } | 313 | } |
| 307 | 314 | ||
| 315 | // drop elevated privileges | ||
| 316 | if (drop_privileges && (getuid() == 0 || geteuid() == 0)) { | ||
| 317 | struct passwd *pw = getpwnam("nobody"); | ||
| 318 | if (pw) { | ||
| 319 | setuid(pw->pw_uid); | ||
| 320 | } else { | ||
| 321 | usbmuxd_log(LL_ERROR, | ||
| 322 | "ERROR: Dropping privileges failed, check if user 'nobody' exists! Will now terminate."); | ||
| 323 | log_disable_syslog(); | ||
| 324 | exit(EXIT_FAILURE); | ||
| 325 | } | ||
| 326 | |||
| 327 | // security check | ||
| 328 | if (setuid(0) != -1) { | ||
| 329 | usbmuxd_log(LL_ERROR, "ERROR: Failed to drop privileges properly!"); | ||
| 330 | log_disable_syslog(); | ||
| 331 | exit(EXIT_FAILURE); | ||
| 332 | } | ||
| 333 | usbmuxd_log(LL_NOTICE, "Successfully dropped privileges"); | ||
| 334 | } | ||
| 335 | |||
| 308 | res = main_loop(listenfd); | 336 | res = main_loop(listenfd); |
| 309 | if(res < 0) | 337 | if(res < 0) |
| 310 | usbmuxd_log(LL_FATAL, "main_loop failed"); | 338 | usbmuxd_log(LL_FATAL, "main_loop failed"); |