droppriv(): ability not to chroot, and to chroot in a specific directory

WARNING: droppriv() API breakage
author: Laurent Ghigonis <laurent@p1sec.com> 2012-12-02 22:11:09 +0100
committer: Laurent Ghigonis <laurent@p1sec.com> 2012-12-02 22:11:39 +0100
commit: 1513101a3f80ff9a3e6e9c66cf10482d8e60b8aa (patch)
tree: eae6bb9f9826da5ae00c70e4616c39ff0348eedd /libglouglou/utils.c
parent: use a variable to store dedicated USER _glougloud (diff)
download: glouglou-1513101a3f80ff9a3e6e9c66cf10482d8e60b8aa.tar.xz
glouglou-1513101a3f80ff9a3e6e9c66cf10482d8e60b8aa.zip
1 files changed, 7 insertions, 3 deletions
diff --git a/libglouglou/utils.c b/libglouglou/utils.c
index 9915bf2..8ca3660 100644
--- a/libglouglou/utils.c
+++ b/libglouglou/utils.c
@@ -174,15 +174,19 @@ addrcmp(struct sockaddr_in *a, struct sockaddr_in *b)
 }
 
 void
-droppriv(char *user)
+droppriv(char *user, int do_chroot, char *chroot_path)
 {
 	struct passwd	*pw;
 
 	pw = getpwnam(user);
 	if (!pw)
 		err(1, "unknown user %s", user);
-	if (chroot(pw->pw_dir) != 0)
-		err(1, "unable to chroot");
+	if (do_chroot) {
+    if (!chroot_path)
+      chroot_path = pw->pw_dir;
+    if (chroot(chroot_path) != 0)
+      err(1, "unable to chroot");
+  }
 	if (chdir("/") != 0)
 		err(1, "unable to chdir");
 	if (setgroups(1, &pw->pw_gid) == -1)
author	Laurent Ghigonis <laurent@p1sec.com>	2012-12-02 22:11:09 +0100
committer	Laurent Ghigonis <laurent@p1sec.com>	2012-12-02 22:11:39 +0100
commit	1513101a3f80ff9a3e6e9c66cf10482d8e60b8aa (patch)
tree	eae6bb9f9826da5ae00c70e4616c39ff0348eedd /libglouglou/utils.c
parent	use a variable to store dedicated USER _glougloud (diff)
download	glouglou-1513101a3f80ff9a3e6e9c66cf10482d8e60b8aa.tar.xz glouglou-1513101a3f80ff9a3e6e9c66cf10482d8e60b8aa.zip