Drop root privileges earlier
We don't need the root privileges after the unshare call and the first fork. Therefore we can drop them for safety reasons.
parent
f3cd63c137
commit
1f5e1a9c1f
1 changed files with 19 additions and 15 deletions
34
main.c
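--- a/main.c
+++ b/main.c
@@ -9,6 +9,22 @@
 #include <sys/wait.h>
 #include <unistd.h>
 
+void drop_root(void) {
+// Drop root privileges
+if (seteuid(getuid()) == -1)
+{
+int err = errno;
+printf("Failed to drop root privileges with seteuid (%d)\n", err);
+exit(err);
+}
+
+if (setegid(getgid()) == -1)
+{
+int err = errno;
+printf("Failed to drop root privileges with setegid (%d)\n", err);
+exit(err);
+}
+}
 
 char** argdup(int argc, const char** argv)
 {
@@ -46,6 +62,9 @@ int main(int argc, const char** argv)
 return err;
 }
 
+// Drop root privileges, we only needed those for the unshare call and fork above.
+drop_root();
+
 if (pid != 0)
 {
 // parent waits for child then exits
@@ -94,21 +113,6 @@ int main(int argc, const char** argv)
 // First child of init process. do exec here
 // use cli arguments for subprocess. skip 0 as it's our programs name.
 
-// Drop root privileges
-if (seteuid(getuid()) == -1)
-{
-int err = errno;
-printf("Failed to drop root privileges with seteuid (%d)\n", err);
-return err;
-}
-
-if (setegid(getgid()) == -1)
-{
-int err = errno;
-printf("Failed to drop root privileges with setegid (%d)\n", err);
-return err;
-}
-
 char** newargs = argdup(argc-1, &argv[1]);
 
 if (execvp(newargs[0], newargs) == -1)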
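Review bot: `drop_root()` lowers only the effective IDs with `seteuid`/`setegid`, so the saved set-user-ID and set-group-ID presumably keep their privileged values and the drop can be undone by any code that runs afterwards. Before this commit the drop sat directly in front of `execvp`, which resets the saved IDs, but now the waiting parent and the child's pre-exec code both run in that reversible state. If the binary is installed setuid-root (inferred from the `getuid()` pattern, not visible in these hunks), a permanent drop would be `if (setgid(getgid()) == -1)` followed by `if (setuid(getuid()) == -1)`, group first because the second call gives up the privilege the first one needs. A comment on `drop_root` stating whether the drop is meant to be permanent would help, and the failure messages belong on `stderr` rather than `stdout`.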