diff options
-rw-r--r-- | spike/dnet_intf_get_dst.c | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/spike/dnet_intf_get_dst.c b/spike/dnet_intf_get_dst.c index ed0f3ce..c629f7f 100644 --- a/spike/dnet_intf_get_dst.c +++ b/spike/dnet_intf_get_dst.c @@ -1,5 +1,32 @@ #include <dnet.h> #include <stdio.h> +#include <pwd.h> +#include <grp.h> + +void +_droppriv(char *user, int do_chroot, char *chroot_path) +{ + struct passwd *pw; + + pw = getpwnam(user); + if (!pw) + err(1, "unknown user %s", user); + if (do_chroot) { + if (!chroot_path) + chroot_path = pw->pw_dir; + if (chroot(chroot_path) != 0) + err(1, "unable to chroot"); + } + if (chdir("/") != 0) + err(1, "unable to chdir"); + if (setgroups(1, &pw->pw_gid) == -1) + err(1, "setgroups() failed"); + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) + err(1, "setresgid failed"); + if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) == -1) + err(1, "setresuid() failed"); + endpwent(); +} int main(int argc, char **argv) { @@ -15,6 +42,8 @@ main(int argc, char **argv) { addr_aton(argv[1], &dst); printf("dst: %s\n", addr_ntoa(&dst)); + _droppriv("nobody", 1, NULL); /* bad practise, use dedicated user */ + intf = intf_open(); err = intf_get_dst(intf, &entry, &dst); |