1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
|
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <pwd.h>
#include <sys/resource.h>
#include <sys/prctl.h>
#include "process.h"
void drop_privileges()
{
struct passwd *user;
struct rlimit limit;
if (!geteuid()) {
user = getpwnam("nobody");
if (!user) {
perror("getpwnam");
exit(EXIT_FAILURE);
}
if (chroot("/var/empty")) {
perror("chroot");
exit(EXIT_FAILURE);
}
if (chdir("/")) {
perror("chdir");
exit(EXIT_FAILURE);
}
if (setresgid(user->pw_gid, user->pw_gid, user->pw_gid)) {
perror("setresgid");
exit(EXIT_FAILURE);
}
if (setgroups(1, &user->pw_gid)) {
perror("setgroups");
exit(EXIT_FAILURE);
}
if (setresuid(user->pw_uid, user->pw_uid, user->pw_uid)) {
perror("setresuid");
exit(EXIT_FAILURE);
}
}
limit.rlim_cur = limit.rlim_max = 8192;
setrlimit(RLIMIT_DATA, &limit);
setrlimit(RLIMIT_MEMLOCK, &limit);
setrlimit(RLIMIT_AS, &limit);
setrlimit(RLIMIT_STACK, &limit);
limit.rlim_cur = limit.rlim_max = 0;
setrlimit(RLIMIT_CORE, &limit);
setrlimit(RLIMIT_NPROC, &limit);
if (!geteuid() || !getegid()) {
fprintf(stderr, "Mysteriously still running as root... Goodbye.\n");
exit(EXIT_FAILURE);
}
}
void set_process_name(const char *name, int argc, char *argv[])
{
char *start, *end;
prctl(PR_SET_NAME, name);
end = argv[argc - 1] + strlen(argv[argc - 1]);
strcpy(argv[0], name);
start = argv[0] + strlen(argv[0]);
while (start < end)
*(start++) = '\0';
}
|
