From 8d6eb4c141f854b64b1fec0e1746b070acbc2f77 Mon Sep 17 00:00:00 2001
From: Gleydson Soares
Date: Thu, 10 Mar 2016 00:07:04 +0000
Subject: - add a define for "_spamd" user like others OpenBSD daemons; - check for root privileges, otherwise exit early with an appropriate status code and a formatted string; - be more specific with chroot()/chdir() checks. OK beck@
---
 libexec/spamd/spamd.c | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
(limited to 'libexec/spamd/spamd.c')
diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c
index b0241b9e373..f26b3c307d8 100644
--- a/libexec/spamd/spamd.c
+++ b/libexec/spamd/spamd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: spamd.c,v 1.137 2015/12/12 20:09:28 mmcc Exp $ */
+/* $OpenBSD: spamd.c,v 1.138 2016/03/10 00:07:03 gsoares Exp $ */
 /*
 * Copyright (c) 2015 Henning Brauer
@@ -93,6 +93,8 @@ struct con {
 #define SPAMD_TLS_ACT_WRITE_POLLIN 3
 #define SPAMD_TLS_ACT_WRITE_POLLOUT 4
+#define SPAMD_USER "_spamd"
+
 void usage(void);
 char *grow_obuf(struct con *, int);
 int parse_configline(char *);
@@ -1362,8 +1364,11 @@ main(int argc, char *argv[])
 err(1, "sync init");
 }
- if ((pw = getpwnam("_spamd")) == NULL)
- errx(1, "no such user _spamd");
+ if (geteuid())
+ errx(1, "need root privileges");
+
+ if ((pw = getpwnam(SPAMD_USER)) == NULL)
+ errx(1, "no such user %s", SPAMD_USER);
 if (!greylist) {
 maxblack = maxcon;
@@ -1493,8 +1498,12 @@ main(int argc, char *argv[])
 }
 close(trappipe[1]);
- if (chroot("/var/empty") == -1 || chdir("/") == -1) {
- syslog(LOG_ERR, "cannot chdir to /var/empty.");
+ if (chroot("/var/empty") == -1) {
+ syslog(LOG_ERR, "cannot chroot to /var/empty.");
+ exit(1);
+ }
+ if (chdir("/") == -1) {
+ syslog(LOG_ERR, "cannot chdir to /");
 exit(1);
 }
-- 
cgit v1.2.3
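Review bot: In the `@@ -1362,8 +1364,11 @@` hunk the new `geteuid()` test sits after the `err(1, "sync init")` path shown in the context lines, so whatever sync setup precedes it has apparently already run by the time a non-root invocation is rejected; if the aim is to exit early, the check belongs ahead of that setup. Writing it as `if (geteuid() != 0)` would also make the comparison explicit. The test only gives the operator a clearer error; it is not a privilege boundary, so the later drop to `SPAMD_USER` still needs its own return-value checks. `main` starts and ends outside this hunk, so the ordering of the earlier setup is inferred from the visible context only.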
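Review bot: In the `@@ -1493,8 +1498,12 @@` hunk both new `syslog()` calls omit the reason for the failure; adding `%m` records errno, e.g. `syslog(LOG_ERR, "cannot chroot to /var/empty: %m");` and `syslog(LOG_ERR, "cannot chdir to /: %m");`. That lets the log distinguish a permission error from a missing directory. The two messages are also punctuated differently, one ending in a period and the other not. Keeping `chdir("/")` directly after `chroot()` is the right order, because a working directory left outside the new root would undermine the confinement, and a one-line comment such as `/* chdir after chroot so cwd is inside the new root */` would guard against a later reordering. The rest of `main`, including whatever privilege drop follows, is outside this hunk.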