authorHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-04-19 15:46:50 +0000
committerHans-Joerg Hoexer <hshoexer@cvs.openbsd.org>2005-04-19 15:46:50 +0000
commit39de54410bf4abf3081c1653f48f942cd7273fd1 (patch)
treedec4401d92a67bb96cdedfa5e76589e8be267ee8
parentb719e00f60f3c79a339ac36cb2ad9ccb7a625248 (diff)
missing endpwent(), change more carefully to _isakmpd privsep user
ok moritz@
-rw-r--r--sbin/isakmpd/monitor.c17
1 files changed, 13 insertions, 4 deletions
diff --git a/sbin/isakmpd/monitor.c b/sbin/isakmpd/monitor.c
index 548a62ea70a..72700238312 100644
--- a/sbin/isakmpd/monitor.c
+++ b/sbin/isakmpd/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.39 2005/04/08 23:15:26 hshoexer Exp $ */
+/* $OpenBSD: monitor.c,v 1.40 2005/04/19 15:46:49 hshoexer Exp $ */
/*
* Copyright (c) 2003 Håkan Olsson. All rights reserved.
@@ -102,6 +102,7 @@ monitor_init(int debug)
if (pw == NULL)
log_fatal("monitor_init: getpwnam(\"%s\") failed",
ISAKMPD_PRIVSEP_USER);
+ endpwent();
m_state.pid = fork();
m_state.s = p[m_state.pid ? 1 : 0];
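Review bot: The added `endpwent();` carries no comment explaining why it must come before `fork()`, and `pw` is still dereferenced afterwards (`pw->pw_dir`, `pw->pw_gid`, `pw->pw_uid` in the next hunk). A one-line comment such as `/* close the passwd database before fork() so the privsep child does not inherit it */` would record the presumed intent. The later uses rely on the getpwnam() result remaining valid after endpwent(), which holds where the result lives in static storage but is not something this hunk shows; copying the three fields into locals before the call would remove that dependency. monitor_init begins and ends outside this hunk.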
@@ -115,11 +116,19 @@ monitor_init(int debug)
if (chroot(pw->pw_dir) != 0 || chdir("/") != 0)
log_fatal("monitor_init: chroot failed");
- if (setgid(pw->pw_gid) != 0)
+ if (setgroups(1, &pw->pw_gid) == -1)
+ log_fatal("monitor_init: setgroups(%d) failed",
+ pw->pw_gid);
+ if (setegid(pw->pw_gid) == -1)
+ log_fatal("monitor_init: setegid(%d) failed",
+ pw->pw_gid);
+ if (setgid(pw->pw_gid) == -1)
log_fatal("monitor_init: setgid(%d) failed",
pw->pw_gid);
-
- if (setuid(pw->pw_uid) != 0)
+ if (seteuid(pw->pw_uid) == -1)
+ log_fatal("monitor_init: seteuid(%d) failed",
+ pw->pw_uid);
+ if (setuid(pw->pw_uid) == -1)
log_fatal("monitor_init: setuid(%d) failed",
pw->pw_uid);
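Review bot: Calling `seteuid(pw->pw_uid)` before `setuid(pw->pw_uid)` (and likewise `setegid` before `setgid`) means the final call runs without superuser effective ids, so whether the real and saved ids are also dropped depends on the platform's setuid()/setgid() semantics. BSD semantics set all three ids when the argument equals the effective id, but on systems where an unprivileged setuid() changes only the effective id, the real and saved uid would stay 0 and the drop would be reversible. Setting all three explicitly avoids that dependency: `setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid)` followed by `setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid)`, each checked against -1 like the surrounding calls. If the five-step sequence is kept, a comment stating that it relies on BSD setuid(2) behaviour would help anyone porting it. monitor_init starts and ends outside this hunk.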