Commit a733e4c6 authored by Leigh B. Stoller's avatar Leigh B. Stoller

Change to run as nobody/nobody when started as root.

parent 03918d84
......@@ -123,6 +123,39 @@ int main(int argc, char **argv) {
info(build_info);
}
/*
* Change to non-root user!
*/
if (geteuid() == 0) {
struct passwd *pw;
uid_t uid;
gid_t gid;
/*
* Must be a valid user of course.
*/
if ((pw = getpwnam(RUNASUSER)) == NULL) {
error("invalid user: %s", RUNASUSER);
exit(1);
}
uid = pw->pw_uid;
gid = pw->pw_gid;
if (setgroups(1, &gid)) {
errorc("setgroups");
exit(1);
}
if (setgid(gid)) {
errorc("setgid");
exit(1);
}
if (setuid(uid)) {
errorc("setuid");
exit(1);
}
info("Flipped to user/group %d/%d\n", uid, gid);
}
/* do our thing - just loop collecting data from clients, and insert into
DB.
*/
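Review bot: Nothing in this block confirms that root was actually given up: if the `RUNASUSER` passwd entry resolves to uid 0, every call succeeds, the daemon logs "Flipped" and keeps running as root. A guard before `setgroups()` would close that, for example `if (pw->pw_uid == 0) { error("refusing to run as uid 0: %s", RUNASUSER); exit(1); }`. The setgroups, setgid, setuid order and the checked return values are correct. The log line passes `uid_t`/`gid_t` to `%d`, and these are usually unsigned, so `info("Flipped to user/group %lu/%lu\n", (unsigned long)uid, (unsigned long)gid);` is the safer form. main() extends beyond the hunk, so it is not visible whether every resource that needs root (sockets, log files, database handles) is opened before this point.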
......
......@@ -23,6 +23,8 @@
#include <errno.h>
#include <signal.h>
#include <syslog.h>
#include <pwd.h>
#include <grp.h>
#include <tbdb.h>
#include "log.h"
......@@ -32,6 +34,7 @@
#define BUFSIZE 1500
#define MAXNUMIFACES 10
#define MACADDRLEN 12
#define RUNASUSER "nobody"
#define NUMACTTYPES 4
#define ACTSTRARRAY {"last_tty_act", "last_cpu_act", "last_net_act", "last_ext_act"}
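Review bot: `RUNASUSER` is set to the shared `nobody` account, which other daemons and NFS root-squashing commonly use too, so the isolation gained is weaker than it looks. Processes running under the same uid can generally signal one another and touch each other's files. A dedicated unprivileged account for this collector would be tighter. The define also deserves a comment stating its purpose, such as `/* unprivileged account the daemon switches to when started as root */`.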
......