From e197558f81879f22026a7f154ffb8a5dc5e5e267 Mon Sep 17 00:00:00 2001
From: Laurent Ghigonis
Date: Sun, 2 Dec 2012 22:12:41 +0100
Subject: droppriv() and chroot in /proc
---
 gg_trackproc/gg_trackproc.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/gg_trackproc/gg_trackproc.c b/gg_trackproc/gg_trackproc.c
index b02ea86..cb2f150 100644
--- a/gg_trackproc/gg_trackproc.c
+++ b/gg_trackproc/gg_trackproc.c
@@ -23,7 +23,9 @@
 #include
 #include
-#define PROC_BASE "/proc"
+#define GG_SNIFF_USER "_gg_sniff"
+#define CHROOT_PATH "/proc"
+#define PROC_BASE "/"
 struct gg_client *ggcli;
 struct event_base *ev_base;
@@ -302,6 +304,10 @@ int main(int argc, char **argv)
 /* NOTREACHED */
 }
 }
+
+ if (geteuid() != 0)
+ errx(1, "must be root");
+
 signal(SIGINT, &on_sigint);
 siginterrupt(SIGINT, true);
@@ -327,6 +333,8 @@ int main(int argc, char **argv)
 ev_nl = event_new(ev_base, nl_sock, EV_READ|EV_PERSIST, cb_nl, NULL);
 event_add(ev_nl, NULL);
+ droppriv(GG_SNIFF_USER, 1, CHROOT_PATH);
+
 event_base_dispatch(ev_base);
 set_proc_ev_listen(nl_sock, false);
--
cgit v1.2.3-59-g8ed1b
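Review bot: `PROC_BASE` is now `"/"` in the first hunk, which is only correct after the chroot into `CHROOT_PATH`; any lookup built from it before the `droppriv()` call added in the third hunk would resolve against the real root, and the defines carry no comment saying so. I would add `/* paths are relative to CHROOT_PATH; valid only after droppriv() */` above `PROC_BASE`. Separately, /proc is a weak jail, since per-process links such as `root` and `cwd` can resolve outside the chroot for processes the caller is allowed to inspect, so `_gg_sniff` should be an account that no other running process shares. The name suggests it may be gg_sniff's account, which is not visible in this patch.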
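Review bot: The result of `droppriv(GG_SNIFF_USER, 1, CHROOT_PATH)` in the third hunk is not checked, so if the helper (defined outside this patch) reports failure by return value instead of exiting, the event loop would keep running as root and outside the chroot. If it does return a status, fail closed with something like `if (droppriv(GG_SNIFF_USER, 1, CHROOT_PATH) < 0) errx(1, "droppriv failed");`, once the return convention is confirmed. The teardown call `set_proc_ev_listen(nl_sock, false)` after `event_base_dispatch()` now also runs unprivileged, so it is worth verifying that the netlink unsubscribe still succeeds. main() starts and ends outside the hunk.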