diff options
| author | Gleydson Soares <gsoares@cvs.openbsd.org> | 2016-03-10 00:07:04 +0000 |
|---|---|---|
| committer | Gleydson Soares <gsoares@cvs.openbsd.org> | 2016-03-10 00:07:04 +0000 |
| commit | 8d6eb4c141f854b64b1fec0e1746b070acbc2f77 (patch) | |
| tree | f611a0f538984cc1f991245dbd86629d8e4f13ab /libexec/spamd/spamd.c | |
| parent | 1576f81c204e6568eb84539384a56a8725a28172 (diff) | |
- add a define for "_spamd" user like others OpenBSD daemons;
- check for root privileges, otherwise exit early with an appropriate
status code and a formatted string;
- be more specific with chroot()/chdir() checks.
OK beck@
Diffstat (limited to 'libexec/spamd/spamd.c')
| -rw-r--r-- | libexec/spamd/spamd.c | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c index b0241b9e373..f26b3c307d8 100644 --- a/libexec/spamd/spamd.c +++ b/libexec/spamd/spamd.c @@ -1,4 +1,4 @@ -/* $OpenBSD: spamd.c,v 1.137 2015/12/12 20:09:28 mmcc Exp $ */ +/* $OpenBSD: spamd.c,v 1.138 2016/03/10 00:07:03 gsoares Exp $ */ /* * Copyright (c) 2015 Henning Brauer <henning@openbsd.org> @@ -93,6 +93,8 @@ struct con { #define SPAMD_TLS_ACT_WRITE_POLLIN 3 #define SPAMD_TLS_ACT_WRITE_POLLOUT 4 +#define SPAMD_USER "_spamd" + void usage(void); char *grow_obuf(struct con *, int); int parse_configline(char *); @@ -1362,8 +1364,11 @@ main(int argc, char *argv[]) err(1, "sync init"); } - if ((pw = getpwnam("_spamd")) == NULL) - errx(1, "no such user _spamd"); + if (geteuid()) + errx(1, "need root privileges"); + + if ((pw = getpwnam(SPAMD_USER)) == NULL) + errx(1, "no such user %s", SPAMD_USER); if (!greylist) { maxblack = maxcon; @@ -1493,8 +1498,12 @@ main(int argc, char *argv[]) } close(trappipe[1]); - if (chroot("/var/empty") == -1 || chdir("/") == -1) { - syslog(LOG_ERR, "cannot chdir to /var/empty."); + if (chroot("/var/empty") == -1) { + syslog(LOG_ERR, "cannot chroot to /var/empty."); + exit(1); + } + if (chdir("/") == -1) { + syslog(LOG_ERR, "cannot chdir to /"); exit(1); } |