summaryrefslogtreecommitdiff
path: root/src/conn-tools/s6tls_drop.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/conn-tools/s6tls_drop.c')
-rw-r--r--src/conn-tools/s6tls_drop.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/conn-tools/s6tls_drop.c b/src/conn-tools/s6tls_drop.c
new file mode 100644
index 0000000..6b6f67f
--- /dev/null
+++ b/src/conn-tools/s6tls_drop.c
@@ -0,0 +1,24 @@
+/* ISC license. */
+
+#include <unistd.h>
+#include <stdlib.h>
+
+#include <skalibs/strerr2.h>
+#include <skalibs/types.h>
+
+#include "s6tls-internal.h"
+
+void s6tls_drop (void)
+{
+ if (!getuid())
+ {
+ uid_t uid ;
+ gid_t gid ;
+ char const *x = getenv("TLS_UID") ;
+ if (x && !uid0_scan(x, &uid)) strerr_dieinvalid(100, "TLS_UID") ;
+ x = getenv("TLS_GID") ;
+ if (x && !gid0_scan(x, &gid)) strerr_dieinvalid(100, "TLS_GID") ;
+ if (gid && setgid(gid) < 0) strerr_diefu1sys(111, "setgid") ;
+ if (uid && setuid(uid) < 0) strerr_diefu1sys(111, "setuid") ;
+ }
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 18:16:32 +0000