summaryrefslogtreecommitdiffstats
path: root/usbmuxd/main.c
diff options
context:
space:
mode:
authorGravatar Nikias Bassen2009-08-16 19:20:48 +0200
committerGravatar Hector Martin2009-08-16 21:50:53 +0200
commitcb7845397842fb813bae9aa2f9d10b75e04ce8e6 (patch)
treeb1bc9e594370d0ea3211699801bba93a0f1c1ff5 /usbmuxd/main.c
parenta63578e2d71ae304f6f405b5bb491547f43b79ac (diff)
downloadusbmuxd-cb7845397842fb813bae9aa2f9d10b75e04ce8e6.tar.gz
usbmuxd-cb7845397842fb813bae9aa2f9d10b75e04ce8e6.tar.bz2
Added option to drop privileges after startup.
Diffstat (limited to 'usbmuxd/main.c')
-rw-r--r--usbmuxd/main.c32
1 files changed, 30 insertions, 2 deletions
diff --git a/usbmuxd/main.c b/usbmuxd/main.c
index 3318ecd..ea332a4 100644
--- a/usbmuxd/main.c
+++ b/usbmuxd/main.c
@@ -34,6 +34,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#include <sys/un.h>
#include <sys/stat.h>
#include <getopt.h>
+#include <pwd.h>
#include "log.h"
#include "usb.h"
@@ -47,6 +48,7 @@ struct sigaction sa_old;
static int verbose = 0;
static int foreground = 0;
+static int drop_privileges = 0;
int create_socket(void) {
struct sockaddr_un bind_addr;
@@ -222,6 +224,7 @@ static void usage()
printf("\t-h|--help Print this message.\n");
printf("\t-v|--verbose Be verbose (use twice or more to increase).\n");
printf("\t-f|--foreground Do not daemonize (implies a verbosity of 4).\n");
+ printf("\t-d|--drop-privileges Drop privileges after startup.\n");
printf("\n");
}
@@ -231,12 +234,13 @@ static void parse_opts(int argc, char **argv)
{"help", 0, NULL, 'h'},
{"foreground", 0, NULL, 'f'},
{"verbose", 0, NULL, 'v'},
+ {"drop-privileges", 0, NULL, 'd'},
{NULL, 0, NULL, 0}
};
int c;
while (1) {
- c = getopt_long(argc, argv, "hfv", longopts, (int *) 0);
+ c = getopt_long(argc, argv, "hfvd", longopts, (int *) 0);
if (c == -1) {
break;
}
@@ -251,6 +255,9 @@ static void parse_opts(int argc, char **argv)
case 'v':
++verbose;
break;
+ case 'd':
+ drop_privileges = 1;
+ break;
default:
usage();
exit(2);
@@ -304,7 +311,28 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE);
}
}
-
+
+ // drop elevated privileges
+ if (drop_privileges && (getuid() == 0 || geteuid() == 0)) {
+ struct passwd *pw = getpwnam("nobody");
+ if (pw) {
+ setuid(pw->pw_uid);
+ } else {
+ usbmuxd_log(LL_ERROR,
+ "ERROR: Dropping privileges failed, check if user 'nobody' exists! Will now terminate.");
+ log_disable_syslog();
+ exit(EXIT_FAILURE);
+ }
+
+ // security check
+ if (setuid(0) != -1) {
+ usbmuxd_log(LL_ERROR, "ERROR: Failed to drop privileges properly!");
+ log_disable_syslog();
+ exit(EXIT_FAILURE);
+ }
+ usbmuxd_log(LL_NOTICE, "Successfully dropped privileges");
+ }
+
res = main_loop(listenfd);
if(res < 0)
usbmuxd_log(LL_FATAL, "main_loop failed");