From 2438eadd49b3d0d1153498ffc883d8c0c3e6ecba Mon Sep 17 00:00:00 2001
From: Laurent Ghigonis <laurent@p1sec.com>
Date: Sun, 2 Dec 2012 21:49:19 +0100
Subject: use libglouglou droppriv to user _glougloud, and create group/user
 during make install

---
 glougloud/Makefile    | 12 ++++++++++++
 glougloud/glougloud.c |  7 +++++++
 2 files changed, 19 insertions(+)

diff --git a/glougloud/Makefile b/glougloud/Makefile
index f3ac56c..6e66791 100644
--- a/glougloud/Makefile
+++ b/glougloud/Makefile
@@ -11,6 +11,18 @@ all:
 	$(CC) $(OBJS) -o $(PROG) $(LDFLAGS)
 
 install: $(PROG)
+	@echo "creating group and user _glougloud"
+	@uname -a |grep -i linux >/dev/null ;\
+	if [ $$? -eq 0 ]; then \
+		cmdg="groupadd -r _glougloud" ;\
+		cmdu="useradd -r -g _glougloud -d /var/empty/ -s /sbin/nologin _glougloud" ;\
+	else \
+		cmdg="" ;\
+		cmdu="useradd -g =uid -d /var/empty/ -s /sbin/nologin _glougloud" ;\
+	fi ;\
+	echo $$cmdg; $$($$cmdg) ;\
+	echo $$cmdu; $$($$cmdu) ;\
+	echo done
 	@echo "installation of $(PROG)"
 	mkdir -p $(BINDIR)
 	install -m 0755 $(PROG) $(BINDIR)
diff --git a/glougloud/glougloud.c b/glougloud/glougloud.c
index 2b57fea..5bb62b0 100644
--- a/glougloud/glougloud.c
+++ b/glougloud/glougloud.c
@@ -17,6 +17,8 @@
 
 #include <libglouglou.h>
 
+#define GLOUGLOUD_USER "_glougloud"
+
 struct gg_server *ggserv_probes;
 struct gg_server *ggserv_analysers;
 struct event_base *ev_base;
@@ -71,6 +73,11 @@ main(int argc, char **argv)
 		}
 	}
 
+	if (geteuid() != 0)
+		errx(1, "must be root");
+
+	droppriv(GLOUGLOUD_USER);
+
   gg_verbosity_set(loglevel);
 
 	ev_base = event_base_new();
-- 
cgit v1.2.3-59-g8ed1b