author | Rainer Giedat <rainer@cvs.openbsd.org> | 2008-06-09 22:53:25 +0000 |
---|---|---|
committer | Rainer Giedat <rainer@cvs.openbsd.org> | 2008-06-09 22:53:25 +0000 |
commit | 78fc5032107923a7eba3087758a6098489e6a5fb (patch) | |
tree | c0446d7517bd7d7ed5764ed20461d45ce0669eba /usr.sbin/rtadvd | |
parent | 93c232b37d7879e6b0e58fa730b7d3e59fd064d7 (diff) |
drop root privileges in rtadvd to _rtadvd
ok deraadt@, reyk@, pyr@
Diffstat (limited to 'usr.sbin/rtadvd')
-rw-r--r-- | usr.sbin/rtadvd/rtadvd.c | 15 | ||||
-rw-r--r-- | usr.sbin/rtadvd/rtadvd.h | 4 |
2 files changed, 17 insertions, 2 deletions
diff --git a/usr.sbin/rtadvd/rtadvd.c b/usr.sbin/rtadvd/rtadvd.c
index 1e1f4829438..c2b67d3f473 100644
--- a/usr.sbin/rtadvd/rtadvd.c
+++ b/usr.sbin/rtadvd/rtadvd.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtadvd.c,v 1.35 2008/06/08 21:08:57 rainer Exp $	*/
+/*	$OpenBSD: rtadvd.c,v 1.36 2008/06/09 22:53:24 rainer Exp $	*/
 /*	$KAME: rtadvd.c,v 1.66 2002/05/29 14:18:36 itojun Exp $	*/
 /*
@@ -55,6 +55,7 @@
 #include <string.h>
 #include <stdlib.h>
 #include <util.h>
+#include <pwd.h>
 #include "rtadvd.h"
 #include "rrenum.h"
@@ -153,6 +154,7 @@ main(argc, argv)
 	int maxfd = 0;
 	struct timeval *timeout;
 	int i, ch;
+	struct passwd *pw;
 	log_init(1);		/* log to stderr until daemonized */
@@ -227,6 +229,17 @@ main(argc, argv)
 	} else
 		rtsock = -1;
+	if ((pw = getpwnam(RTADVD_USER)) == NULL)
+		fatal("getpwnam");
+	if (chroot(pw->pw_dir) == -1)
+		fatal("chroot");
+	if (chdir("/") == -1)
+		fatal("chdir(\"/\")");
+	if (setgroups(1, &pw->pw_gid) == -1 ||
+	    setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
+	    setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
+		fatal("cannot drop privileges");
+
 	fdmasks = howmany(maxfd + 1, NFDBITS) * sizeof(fd_mask);
 	if ((fdsetp = malloc(fdmasks)) == NULL) {
 		err(1, "malloc");
diff --git a/usr.sbin/rtadvd/rtadvd.h b/usr.sbin/rtadvd/rtadvd.h
index 6d4b941a5c5..50ce76d9346 100644
--- a/usr.sbin/rtadvd/rtadvd.h
+++ b/usr.sbin/rtadvd/rtadvd.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtadvd.h,v 1.10 2008/04/23 10:17:50 pyr Exp $	*/
+/*	$OpenBSD: rtadvd.h,v 1.11 2008/06/09 22:53:24 rainer Exp $	*/
 /*	$KAME: rtadvd.h,v 1.20 2002/05/29 10:13:10 itojun Exp $	*/
 /*
@@ -30,6 +30,8 @@
  * SUCH DAMAGE.
  */
+#define RTADVD_USER "_rtadvd"
+
 #define ALLNODES "ff02::1"
 #define ALLROUTERS_LINK "ff02::2"
 #define ALLROUTERS_SITE "ff05::2"
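Review bot: In the privilege-drop condition of the last rtadvd.c hunk, the `setresgid()` and `setresuid()` calls are tested for truthiness while the adjacent `setgroups()` call is compared with `== -1`, so two error-check styles sit in one expression; for consistency write `setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1 ||` and `setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)`. A missing `_rtadvd` account makes `getpwnam()` return NULL without necessarily setting errno, so if `fatal()` appends `strerror(errno)` the reported cause of `fatal("getpwnam")` may be stale; a message naming the account, such as `"unknown user " RTADVD_USER`, via whichever logging variant here omits errno, would be clearer. The ordering chroot, chdir("/"), setgroups, setresgid, setresuid is the right one, but it silently depends on the account's home directory being an empty root-owned directory and on nothing after this point opening files outside it, which deserves a comment like `/* chroot into pw_dir: expected to be an empty, root-owned directory */` (whether any later config re-read is affected is not visible in this hunk). The new `setgroups()`/`setres*id()` calls need `<unistd.h>`, which the hunk does not add, so presumably it is already included above. main() starts and ends outside this hunk.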