Make dropped root privileges permanent
seteuid sets the effective uid but at the same time retains the old effective uid as a so-called saved uid, which allows the process to go back to root at a later point in time. As we don't want that, we use the functions setresuid and setresgid instead, which allow setting the real, effective and saved uid/gid. We keep the real uid/gid unchanged, but set the effective and saved uid/gid to the value of the real uid/gid. This prevents us from regaining root privileges.
parent
5fe9ba36a2
commit
650a576c56
1 changed files with 5 additions and 3 deletions
8
main.c
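--- a/main.c
+++ b/main.c
@@ -13,15 +13,17 @@
 pid_t pid_child;
 
 void drop_root(void) {
+uid_t uid = getuid();
 // Drop root privileges
-if (seteuid(getuid()) == -1)
+if (setresuid(-1,uid,uid) == -1)
 {
 int err = errno;
-printf("Failed to drop root privileges with seteuid (%d)\n", err);
+printf("Failed to drop root privileges with setresuid (%d)\n", err);
 exit(err);
 }
 
-if (setegid(getgid()) == -1)
+gid_t gid = getgid();
+if (setresgid(-1,gid,gid) == -1)
 {
 int err = errno;
 printf("Failed to drop root privileges with setegid (%d)\n", err);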
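Review bot: The failure message in the setresgid branch still names `setegid`, so a failed group drop is reported under the wrong call; it should read `printf("Failed to drop root privileges with setresgid (%d)\n", err);`. The uid is also dropped before the gid, which works here only because the target gid is the real gid that an unprivileged process may still set; calling setresgid first and setresuid second removes that dependency. Because the real ids are kept, a process started with real uid 0 would remain root after both calls, so reading the ids back with getresuid/getresgid after the drop, or refusing to continue when `uid == 0`, would make the outcome explicit. drop_root's body continues past the end of the hunk.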