diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2004-04-13 01:22:31 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2004-04-13 01:22:31 +0000 |
| commit | 5c4ae5509e3b5a8644567b51cc0829d7a11c4599 (patch) | |
| tree | a32b8dfbe0d99b5bf8475d4176ff52e6ef1bf4ca | |
| parent | 9580d3955ba7056160fff62b688fc71a00657ded (diff) | |
chroot to /var/empty and drop privileges, theo ok
| -rw-r--r-- | usr.sbin/dhcrelay/dhcpd.h | 3 | ||||
| -rw-r--r-- | usr.sbin/dhcrelay/dhcrelay.c | 13 |
2 files changed, 15 insertions, 1 deletions
diff --git a/usr.sbin/dhcrelay/dhcpd.h b/usr.sbin/dhcrelay/dhcpd.h index 6b305814d71..d631befe56c 100644 --- a/usr.sbin/dhcrelay/dhcpd.h +++ b/usr.sbin/dhcrelay/dhcpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: dhcpd.h,v 1.1 2004/04/12 21:10:28 henning Exp $ */ +/* $OpenBSD: dhcpd.h,v 1.2 2004/04/13 01:22:30 henning Exp $ */ /* * Copyright (c) 2004 Henning Brauer <henning@openbsd.org> @@ -61,6 +61,7 @@ #include <limits.h> #include <netdb.h> #include <paths.h> +#include <pwd.h> #include <unistd.h> #include <stdarg.h> #include <stdio.h> diff --git a/usr.sbin/dhcrelay/dhcrelay.c b/usr.sbin/dhcrelay/dhcrelay.c index 960c3c62429..548ae897650 100644 --- a/usr.sbin/dhcrelay/dhcrelay.c +++ b/usr.sbin/dhcrelay/dhcrelay.c @@ -68,6 +68,7 @@ main(int argc, char *argv[]) extern char *__progname; struct servent *ent; struct server_list *sp = NULL; + struct passwd *pw; /* Initially, log errors to stderr as well as to syslogd. */ openlog(__progname, LOG_NDELAY, DHCPD_LOG_FACILITY); @@ -163,6 +164,18 @@ main(int argc, char *argv[]) if (!no_daemon) daemon(0, 0); + if ((pw = getpwnam("_dhcp")) == NULL) + error("getpwnam: %m"); + if (chroot("/var/empty") == -1) + error("chroot: %m"); + if (chdir("/") == -1) + error("chdir(\"/\"): %m"); + if (setgroups(1, &pw->pw_gid) || + setegid(pw->pw_gid) || setgid(pw->pw_gid) || + seteuid(pw->pw_uid) || setuid(pw->pw_uid)) + error("can't drop privileges: %m"); + endpwent(); + dispatch(); /* not reached */ |