authorLaurent Ghigonis <laurent@p1sec.com>2013-06-05 21:30:10 +0200
committerLaurent Ghigonis <laurent@p1sec.com>2013-06-05 21:30:10 +0200
commit1d69ae5e661f4e8591eabc4482dae4b8eedf2032 (patch)
tree1fb299673b756e74e6ea157cd29ced7b6dcc073a
parentadd libpcap/libdnet spikes (diff)
spike dnet_intf_get_dst: droppriv
-rw-r--r--spike/dnet_intf_get_dst.c29
1 files changed, 29 insertions, 0 deletions
diff --git a/spike/dnet_intf_get_dst.c b/spike/dnet_intf_get_dst.c
index ed0f3ce..c629f7f 100644
--- a/spike/dnet_intf_get_dst.c
+++ b/spike/dnet_intf_get_dst.c
@@ -1,5 +1,32 @@
#include <dnet.h>
#include <stdio.h>
+#include <pwd.h>
+#include <grp.h>
+
+void
+_droppriv(char *user, int do_chroot, char *chroot_path)
+{
+ struct passwd *pw;
+
+ pw = getpwnam(user);
+ if (!pw)
+ err(1, "unknown user %s", user);
+ if (do_chroot) {
+ if (!chroot_path)
+ chroot_path = pw->pw_dir;
+ if (chroot(chroot_path) != 0)
+ err(1, "unable to chroot");
+ }
+ if (chdir("/") != 0)
+ err(1, "unable to chdir");
+ if (setgroups(1, &pw->pw_gid) == -1)
+ err(1, "setgroups() failed");
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1)
+ err(1, "setresgid failed");
+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1)
+ err(1, "setresuid() failed");
+ endpwent();
+}
int
main(int argc, char **argv) {
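Review bot: After the setresuid() call in _droppriv there is no confirmation that root cannot be regained, so an incomplete drop (a saved-set uid still 0, or a platform where one of the setres* calls is a compatibility shim) would pass silently; CERT POS37-C asks for a positive check such as `if (pw->pw_uid != 0 && setuid(0) != -1) errx(1, "privileges can be regained");` placed just before `endpwent()`. The new block also calls err(), chroot(), chdir(), setresgid() and setresuid() while the hunk only adds `<pwd.h>` and `<grp.h>`, so `<err.h>` and `<unistd.h>` are missing (on glibc the setres* prototypes further need `_GNU_SOURCE` defined before the first include) and those calls are implicit declarations. Note that when chroot_path is NULL the function chroots into pw->pw_dir, which for a generic account like `nobody` is commonly `/` or a non-existent directory, so the chroot is either a no-op or an immediate err(); the caller should be made aware of that in a comment on the NULL branch. Minor style point: `_droppriv` is a file-scope identifier starting with an underscore, which the C standard reserves for the implementation; `static void droppriv(...)` avoids that and keeps it out of the link namespace. main() begins on the last two lines of this hunk and its body continues outside it.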
@@ -15,6 +42,8 @@ main(int argc, char **argv) {
addr_aton(argv[1], &dst);
printf("dst: %s\n", addr_ntoa(&dst));
+ _droppriv("nobody", 1, NULL); /* bad practise, use dedicated user */
+
intf = intf_open();
err = intf_get_dst(intf, &entry, &dst);