diff options
| author | solene <solene@cvs.openbsd.org> | 2019-01-31 13:36:43 +0000 |
|---|---|---|
| committer | solene <solene@cvs.openbsd.org> | 2019-01-31 13:36:43 +0000 |
| commit | c587812c4704d995a98f4d11542238607f57a618 (patch) | |
| tree | 59545a9d10e97d4336d69b36f02f30e6d34b9b61 /usr.sbin | |
| parent | 1a094c6172aa074b4f45b736157cd76b23655e53 (diff) | |
restrict commands reload and log to root only
tweaks and ok florian@
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/unwindctl/unwindctl.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/usr.sbin/unwindctl/unwindctl.c b/usr.sbin/unwindctl/unwindctl.c index 7ffc86f42fe..21146b84767 100644 --- a/usr.sbin/unwindctl/unwindctl.c +++ b/usr.sbin/unwindctl/unwindctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: unwindctl.c,v 1.2 2019/01/27 12:41:39 florian Exp $ */ +/* $OpenBSD: unwindctl.c,v 1.3 2019/01/31 13:36:42 solene Exp $ */ /* * Copyright (c) 2005 Claudio Jeker <claudio@openbsd.org> @@ -108,6 +108,19 @@ main(int argc, char *argv[]) imsg_init(ibuf, ctl_sock); done = 0; + /* Check for root-only actions */ + switch (res->action) { + case LOG_DEBUG: + case LOG_VERBOSE: + case LOG_BRIEF: + case RELOAD: + if (geteuid() != 0) + errx(1, "need root privileges"); + break; + default: + break; + } + /* Process user request. */ switch (res->action) { case LOG_DEBUG: |