Drop privs when possible
This commit is contained in:
parent
42617ae88a
commit
a9fea6fee3
1 changed files with 18 additions and 0 deletions
|
@ -1,3 +1,4 @@
|
|||
#define _GNU_SOURCE
|
||||
#include <arpa/inet.h>
|
||||
#include <assert.h>
|
||||
#include <err.h>
|
||||
|
@ -30,6 +31,20 @@ void format_mac(const unsigned char binary_address[6], char formatted[18]) {
|
|||
formatted[17] = '\0';
|
||||
}
|
||||
|
||||
void drop_privileges(void) {
|
||||
uid_t uid = getuid();
|
||||
gid_t gid = getgid();
|
||||
|
||||
errno = 0;
|
||||
if (setresgid(gid, gid, gid) == -1) {
|
||||
err(1, "setresgid");
|
||||
}
|
||||
errno = 0;
|
||||
if (setresuid(uid, uid, uid) == -1) {
|
||||
err(1, "setresuid");
|
||||
}
|
||||
}
|
||||
|
||||
int main(int argc, char **argv) {
|
||||
if (argc != 2) {
|
||||
fprintf(stderr, "Usage: %s interface\n", argv[0]);
|
||||
|
@ -43,6 +58,9 @@ int main(int argc, char **argv) {
|
|||
err(1, "socket");
|
||||
}
|
||||
|
||||
// Only creating the socket requires root privs
|
||||
drop_privileges();
|
||||
|
||||
// Find the index of the network interface
|
||||
struct ifreq ifr;
|
||||
strncpy(ifr.ifr_name, argv[1], IFNAMSIZ);
|
||||
|
|
Loading…
Reference in a new issue