/* ISC license. */
#include <skalibs/sysdeps.h>
#include <skalibs/nonposix.h>
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
#include <skalibs/types.h>
#include <skalibs/strerr.h>
#include "tipideed-internal.h"
/*
  Confine the process to its current working directory by making "."
  the new filesystem root. The target is the current directory, so the
  working directory is already inside the new root once the call succeeds.
  A failing chroot() is fatal (exit code 111).

  Where skalibs reports no chroot() (SKALIBS_HASCHROOT undefined), this
  only prints a warning with errno set to ENOSYS and returns: the process
  keeps running unconfined, so a requested chroot is not a guarantee on
  such a platform.
*/
static inline void tipideed_chroot (void)
{
#ifndef SKALIBS_HASCHROOT
  /* No chroot() on this platform: report it, but do not stop. */
  errno = ENOSYS ;
  strerr_warnwu1sys("chroot") ;
#else
  if (chroot(".") == -1)
  {
    strerr_diefu1sys(111, "chroot") ;
  }
#endif
}
/*
  Switch to the uid and gid named by the UID and GID environment variables.

  Exits 100 when either variable is unset or rejected by uid0_scan() /
  gid0_scan(), and 111 when setgroups(), setgid() or setuid() fails.

  Supplementary groups and the gid are changed before the uid: setuid()
  goes last because the earlier calls need the privilege it gives up.

  A scanned value of 0 means "leave this id alone": no call is made for it.
  NOTE(review): with a nonzero UID and GID=0, the uid is dropped but the
  current gid and supplementary groups are kept, since setgroups() and
  setgid() are both skipped. Confirm deployments never rely on that.
  NOTE(review): when SKALIBS_HASSETGROUPS is undefined, the inherited
  supplementary groups are retained without any warning, unlike the
  chroot fallback in this file.
*/
static inline void tipideed_dropuidgid (void)
{
  uid_t uid = 0 ;
  gid_t gid = 0 ;
  char const *gidstr = getenv("GID") ;
  char const *uidstr = getenv("UID") ;

  /* Validate both ids before touching any credential. */
  if (uidstr == NULL)
  {
    strerr_dienotset(100, "UID") ;
  }
  if (!uid0_scan(uidstr, &uid))
  {
    strerr_dieinvalid(100, "UID") ;
  }
  if (gidstr == NULL)
  {
    strerr_dienotset(100, "GID") ;
  }
  if (!gid0_scan(gidstr, &gid))
  {
    strerr_dieinvalid(100, "GID") ;
  }

  if (gid != 0)
  {
#ifdef SKALIBS_HASSETGROUPS
    /* Replace the whole supplementary group list with the target gid. */
    if (setgroups(1, &gid) == -1)
    {
      strerr_diefu2sys(111, "setgroups to ", gidstr) ;
    }
#endif
    if (setgid(gid) == -1)
    {
      strerr_diefu2sys(111, "setgid to ", gidstr) ;
    }
  }

  /* Last step: after this the process can no longer change its groups. */
  if (uid != 0 && setuid(uid) == -1)
  {
    strerr_diefu2sys(111, "setuid to ", uidstr) ;
  }
}
/*
  Apply the hardening steps selected by the bitmask h:
    h & 2  chroot into the current working directory
    h & 1  drop to the uid/gid given by the UID and GID variables
  Other bits are ignored.

  The chroot always runs first: chroot() needs the privileges that the
  second step gives up, so the order must not be swapped.
*/
void tipideed_harden (unsigned int h)
{
  int const want_chroot = (h & 2) != 0 ;
  int const want_drop = (h & 1) != 0 ;

  if (want_chroot)
  {
    tipideed_chroot() ;
  }
  if (want_drop)
  {
    tipideed_dropuidgid() ;
  }
}