Dropping setuid privs

robertswiecki · Mar 25, 2011 · a345e35 · a345e35
1 parent 00f886c
commit a345e35
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 7 deletions.
diff --git a/display.c b/display.c
@@ -135,15 +135,15 @@ int display_process(intrace_t * intrace)
 			char ipPktAddr[] = "      ***      ";
 			if (intrace->listener.ip_trace[i].s_addr)
 				strncpy(ipPktAddr,
-					inet_ntoa(intrace->listener.
-						  ip_trace[i]),
+					inet_ntoa(intrace->
+						  listener.ip_trace[i]),
 					strlen(ipPktAddr));
 
 			char icmpPktAddr[] = "      ***      ";
 			if (intrace->listener.icmp_trace[i].s_addr)
 				strncpy(icmpPktAddr,
-					inet_ntoa(intrace->listener.
-						  icmp_trace[i]),
+					inet_ntoa(intrace->
+						  listener.icmp_trace[i]),
 					strlen(icmpPktAddr));
 
 			printf("%2d.  [%-15s]  [%-15s]  [%s]\n", i, ipPktAddr,

diff --git a/errors.h b/errors.h
@@ -12,7 +12,7 @@
 /* Errors */
 enum {
 	errNone = 0, errMem = -1, errArg = -2,
-	errMutex = -3, errThread = -4,
+	errMutex = -3, errThread = -4, errPrivs = -5,
 
 	errPcapOpen = -20, errSocket = -21, errResolve = -22,
 	errPcapBpf = -23, errPcapLink = -24, errPkt = -25

diff --git a/listener.c b/listener.c
@@ -172,8 +172,8 @@ static void listener_process(intrace_t * intrace)
 
 		int maxFd =
 		    (intrace->listener.rcvSocketTCP >
-		     intrace->listener.rcvSocketICMP) ? intrace->listener.
-		    rcvSocketTCP : intrace->listener.rcvSocketICMP;
+		     intrace->listener.rcvSocketICMP) ? intrace->
+		    listener.rcvSocketTCP : intrace->listener.rcvSocketICMP;
 
 		if (select(maxFd + 1, &fds, NULL, NULL, NULL) < 1)
 			continue;

diff --git a/threads.c b/threads.c
@@ -30,9 +30,20 @@
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <errno.h>
+#include <unistd.h>
+#include <sys/types.h>
 
 #include <intrace.h>
 
+// For setuid case only
+static int threads_dropPrivs(void)
+{
+	if (setuid(getuid()) == -1)
+		return errPrivs;
+
+	return errNone;
+}
+
 extern int h_errno;
 
 static char *thread_err2asc(int err)
@@ -109,6 +120,13 @@ int threads_process(intrace_t * intrace)
 		return err;
 	}
 
+	if ((err = threads_dropPrivs()) != errNone) {
+		debug_printf(dlFatal,
+			     "threads: Couldn't drop privileges, err=%d\n",
+			     err);
+		return err;
+	}
+
 	pthread_attr_init(&attr);
 	pthread_attr_setdetachstate(&attr, PTHREAD_CREATE_DETACHED);
 	if (pthread_create(&t, &attr, listener_thr, (void *)intrace) < 0) {