aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLaurent Ghigonis <laurent@p1sec.com>2012-12-02 22:12:41 +0100
committerLaurent Ghigonis <laurent@p1sec.com>2012-12-02 22:12:41 +0100
commite197558f81879f22026a7f154ffb8a5dc5e5e267 (patch)
tree09fecdfe299b62d830405ebd0b9df654a14f9bfe
parentfix droppriv call after API breakage (diff)
downloadglouglou-e197558f81879f22026a7f154ffb8a5dc5e5e267.tar.xz
glouglou-e197558f81879f22026a7f154ffb8a5dc5e5e267.zip
droppriv() and chroot in /proc
-rw-r--r--gg_trackproc/gg_trackproc.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/gg_trackproc/gg_trackproc.c b/gg_trackproc/gg_trackproc.c
index b02ea86..cb2f150 100644
--- a/gg_trackproc/gg_trackproc.c
+++ b/gg_trackproc/gg_trackproc.c
@@ -23,7 +23,9 @@
#include <event.h>
#include <libglouglou.h>
-#define PROC_BASE "/proc"
+#define GG_SNIFF_USER "_gg_sniff"
+#define CHROOT_PATH "/proc"
+#define PROC_BASE "/"
struct gg_client *ggcli;
struct event_base *ev_base;
@@ -302,6 +304,10 @@ int main(int argc, char **argv)
/* NOTREACHED */
}
}
+
+ if (geteuid() != 0)
+ errx(1, "must be root");
+
signal(SIGINT, &on_sigint);
siginterrupt(SIGINT, true);
@@ -327,6 +333,8 @@ int main(int argc, char **argv)
ev_nl = event_new(ev_base, nl_sock, EV_READ|EV_PERSIST, cb_nl, NULL);
event_add(ev_nl, NULL);
+ droppriv(GG_SNIFF_USER, 1, CHROOT_PATH);
+
event_base_dispatch(ev_base);
set_proc_ev_listen(nl_sock, false);