author | Michael Krelin <hacker@klever.net> | 2004-07-15 04:13:35 (UTC) |
---|---|---|
committer | Michael Krelin <hacker@klever.net> | 2004-07-15 04:13:35 (UTC) |
commit | 5e437102c59f4544e3803598eabcb643d403272d (patch) (unidiff) | |
tree | 7703657f2dac2fd9fb2b2a1f453ca2f30227efa1 | |
parent | 4f8a6f291a231410a03c438bc9d63a7beb861e7b (diff) | |
download | dudki-5e437102c59f4544e3803598eabcb643d403272d.zip dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.gz dudki-5e437102c59f4544e3803598eabcb643d403272d.tar.bz2 |
initgroups() call added when changing uid
-rw-r--r-- | src/process.cc | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/src/process.cc b/src/process.cc index fda35e8..bfab311 100644 --- a/src/process.cc +++ b/src/process.cc | |||
@@ -58,11 +58,13 @@ void process::check(const string& id,configuration& config) { | |||
58 | } | 58 | } |
59 | 59 | ||
60 | void process::launch(const string& id,configuration& config) { | 60 | void process::launch(const string& id,configuration& config) { |
61 | uid_t uid = 0; | 61 | uid_t uid = (uid_t)-1; |
62 | gid_t gid = (gid_t)-1; | ||
62 | if(!user.empty()) { | 63 | if(!user.empty()) { |
63 | struct passwd *ptmp = getpwnam(user.c_str()); | 64 | struct passwd *ptmp = getpwnam(user.c_str()); |
64 | if(ptmp) { | 65 | if(ptmp) { |
65 | uid = ptmp->pw_uid; | 66 | uid = ptmp->pw_uid; |
67 | gid = ptmp->pw_gid; | ||
66 | }else{ | 68 | }else{ |
67 | errno=0; | 69 | errno=0; |
68 | uid = strtol(user.c_str(),NULL,0); | 70 | uid = strtol(user.c_str(),NULL,0); |
@@ -70,7 +72,6 @@ void process::launch(const string& id,configuration& config) { | |||
70 | throw runtime_error("Failed to resolve User value to uid"); | 72 | throw runtime_error("Failed to resolve User value to uid"); |
71 | } | 73 | } |
72 | } | 74 | } |
73 | gid_t gid = 0; | ||
74 | if(!group.empty()) { | 75 | if(!group.empty()) { |
75 | struct group *gtmp = getgrnam(group.c_str()); | 76 | struct group *gtmp = getgrnam(group.c_str()); |
76 | if(gtmp) { | 77 | if(gtmp) { |
@@ -89,15 +90,17 @@ void process::launch(const string& id,configuration& config) { | |||
89 | // child | 90 | // child |
90 | try { | 91 | try { |
91 | setsid(); | 92 | setsid(); |
93 | if(user.empty()) { | ||
94 | if((getgid()!=gid) && setgid(gid)) | ||
95 | throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()"); | ||
96 | }else{ | ||
97 | if(initgroups(user.c_str(),gid)) | ||
98 | throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to initgroups()"); | ||
99 | } | ||
92 | if(!chroot.empty()) { | 100 | if(!chroot.empty()) { |
93 | if(::chroot(chroot.c_str())) | 101 | if(::chroot(chroot.c_str())) |
94 | throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to chroot()"); | 102 | throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to chroot()"); |
95 | } | 103 | } |
96 | if(!group.empty()) { | ||
97 | // TODO: initgroups()? | ||
98 | if((getgid()!=gid) && setgid(gid)) | ||
99 | throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setgid()"); | ||
100 | } | ||
101 | if(!user.empty()) { | 104 | if(!user.empty()) { |
102 | if((getuid()!=uid) && setuid(uid)) | 105 | if((getuid()!=uid) && setuid(uid)) |
103 | throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setuid()"); | 106 | throw runtime_error(string(__PRETTY_FUNCTION__)+": failed to setuid()"); |