summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorgsoares <gsoares@openbsd.org>2016-03-10 00:07:03 +0000
committergsoares <gsoares@openbsd.org>2016-03-10 00:07:03 +0000
commit13ce10035c7f886af7f8ab949056e7a8508ccafc (patch)
tree84e9fa9d785314615bbc1acd922b5fc7661d8536
parentsync (diff)
downloadwireguard-openbsd-13ce10035c7f886af7f8ab949056e7a8508ccafc.tar.xz
wireguard-openbsd-13ce10035c7f886af7f8ab949056e7a8508ccafc.zip
- add a define for "_spamd" user like others OpenBSD daemons;
- check for root privileges, otherwise exit early with an appropriate status code and a formatted string; - be more specific with chroot()/chdir() checks. OK beck@
Diffstat
-rw-r--r--libexec/spamd/spamd.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/libexec/spamd/spamd.c b/libexec/spamd/spamd.c
index b0241b9e373..f26b3c307d8 100644
--- a/libexec/spamd/spamd.c
+++ b/libexec/spamd/spamd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: spamd.c,v 1.137 2015/12/12 20:09:28 mmcc Exp $ */
+/* $OpenBSD: spamd.c,v 1.138 2016/03/10 00:07:03 gsoares Exp $ */
/*
* Copyright (c) 2015 Henning Brauer <henning@openbsd.org>
@@ -93,6 +93,8 @@ struct con {
#define SPAMD_TLS_ACT_WRITE_POLLIN 3
#define SPAMD_TLS_ACT_WRITE_POLLOUT 4
+#define SPAMD_USER "_spamd"
+
void usage(void);
char *grow_obuf(struct con *, int);
int parse_configline(char *);
@@ -1362,8 +1364,11 @@ main(int argc, char *argv[])
err(1, "sync init");
}
- if ((pw = getpwnam("_spamd")) == NULL)
- errx(1, "no such user _spamd");
+ if (geteuid())
+ errx(1, "need root privileges");
+
+ if ((pw = getpwnam(SPAMD_USER)) == NULL)
+ errx(1, "no such user %s", SPAMD_USER);
if (!greylist) {
maxblack = maxcon;
@@ -1493,8 +1498,12 @@ main(int argc, char *argv[])
}
close(trappipe[1]);
- if (chroot("/var/empty") == -1 || chdir("/") == -1) {
- syslog(LOG_ERR, "cannot chdir to /var/empty.");
+ if (chroot("/var/empty") == -1) {
+ syslog(LOG_ERR, "cannot chroot to /var/empty.");
+ exit(1);
+ }
+ if (chdir("/") == -1) {
+ syslog(LOG_ERR, "cannot chdir to /");
exit(1);
}
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.