Drop privs when possible
This commit is contained in:
parent
42617ae88a
commit
a9fea6fee3
|
@ -1,3 +1,4 @@
|
||||||
|
#define _GNU_SOURCE
|
||||||
#include <arpa/inet.h>
|
#include <arpa/inet.h>
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#include <err.h>
|
#include <err.h>
|
||||||
|
@ -30,6 +31,20 @@ void format_mac(const unsigned char binary_address[6], char formatted[18]) {
|
||||||
formatted[17] = '\0';
|
formatted[17] = '\0';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void drop_privileges(void) {
|
||||||
|
uid_t uid = getuid();
|
||||||
|
gid_t gid = getgid();
|
||||||
|
|
||||||
|
errno = 0;
|
||||||
|
if (setresgid(gid, gid, gid) == -1) {
|
||||||
|
err(1, "setresgid");
|
||||||
|
}
|
||||||
|
errno = 0;
|
||||||
|
if (setresuid(uid, uid, uid) == -1) {
|
||||||
|
err(1, "setresuid");
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
int main(int argc, char **argv) {
|
int main(int argc, char **argv) {
|
||||||
if (argc != 2) {
|
if (argc != 2) {
|
||||||
fprintf(stderr, "Usage: %s interface\n", argv[0]);
|
fprintf(stderr, "Usage: %s interface\n", argv[0]);
|
||||||
|
@ -43,6 +58,9 @@ int main(int argc, char **argv) {
|
||||||
err(1, "socket");
|
err(1, "socket");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Only creating the socket requires root privs
|
||||||
|
drop_privileges();
|
||||||
|
|
||||||
// Find the index of the network interface
|
// Find the index of the network interface
|
||||||
struct ifreq ifr;
|
struct ifreq ifr;
|
||||||
strncpy(ifr.ifr_name, argv[1], IFNAMSIZ);
|
strncpy(ifr.ifr_name, argv[1], IFNAMSIZ);
|
||||||
|
|
Loading…
Reference in New Issue