From afe57f9b4be01a523b3b7877a3f42e3a0b82e87a Mon Sep 17 00:00:00 2001
From: Wolfgang Hottgenroth
Date: Thu, 11 Feb 2021 12:07:37 +0100
Subject: [PATCH] drop root
---
 sink/sink20169.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/sink/sink20169.c b/sink/sink20169.c
index 15b3458..2b03254 100644
--- a/sink/sink20169.c
+++ b/sink/sink20169.c
@@ -315,6 +315,8 @@ void usage() {
 printf(" -v ............... Verbose, writes all logging on stdout too\n");
 printf(" -s FACILITY ...... Sets syslog facility, only LOCAL[0..7]\n");
 printf(" USER and DAEMON are supported\n");
+ printf(" -n UID ........... If started as root drop privileges and become\n");
+ printf(" user with id UID\n");
 printf(" -h ............... This help\n");
 }
@@ -325,9 +327,10 @@ int main(int argc, char **argv) {
 const char *configFilename = DEFAULT_CONFIG_FILENAME;
+ uid_t dropPrivilegesToUID = 0;
 int c;
- while ((c = getopt(argc, argv, "f:vs:h")) != -1) {
+ while ((c = getopt(argc, argv, "f:vs:hn:")) != -1) {
 switch (c) {
 case 'f':
 configFilename = strdup(optarg);
@@ -338,6 +341,9 @@ int main(int argc, char **argv) {
 case 's':
 setfacility(optarg);
 break;
+ case 'n':
+ dropPrivilegesToUID = (uid_t) strtol(optarg, NULL, 10);
+ break;
 case 'h':
 usage();
 exit(0);
@@ -345,6 +351,14 @@ int main(int argc, char **argv) {
 }
 }
+ if ((getuid() == 0) && (dropPrivilegesToUID != 0)) {
+ logmsg(LOG_INFO, "dropping root privileges");
+ if (setuid(dropPrivilegesToUID) != 0) {
+ logmsg(LOG_ERR, "unable to drop root privileges");
+ exit(-1);
+ }
+ }
+
 if (0 != initConfig(configFilename, &configHandle)) {
 logmsg(LOG_ERR, "error when reading configuration");
 exit(-1);
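Review bot: The new `case 'n':` converts `optarg` with `strtol(optarg, NULL, 10)` and never checks the result, so a typo or a user name given instead of a number yields 0, and the later `dropPrivilegesToUID != 0` test then leaves the daemon running as root without any message. Negative or out-of-range input is also cast straight to `uid_t`. Parse with an end pointer and `errno`, and refuse to start unless the argument is a positive decimal UID; this needs `<errno.h>` if the file does not already include it, which cannot be seen from the hunk. The enclosing `switch` in `main` starts and ends outside the hunk.

```c
case 'n': {
    char *end = NULL;
    long uid;

    errno = 0;
    uid = strtol(optarg, &end, 10);
    /* reject empty, trailing garbage, overflow, and uid 0 / negative */
    if (end == optarg || *end != '\0' || errno == ERANGE || uid <= 0) {
        logmsg(LOG_ERR, "invalid UID given with -n");
        exit(-1);
    }
    dropPrivilegesToUID = (uid_t) uid;
    break;
}
```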
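Review bot: The added privilege-drop block calls only `setuid()`, so after the switch the process still has root's primary group and supplementary groups, and anything reachable through group permissions stays reachable. The groups have to be dropped first and the UID last, because the group calls fail once root is gone. Since `-n` carries only a UID, the sketch below takes the group from the passwd entry, which assumes the UID has one; a separate GID option would be the alternative. It is also worth logging a warning when the program is started as root without `-n`, since that case currently continues as root silently. `main` continues outside the hunk.

```c
if ((getuid() == 0) && (dropPrivilegesToUID != 0)) {
    struct passwd *pw = getpwuid(dropPrivilegesToUID);

    logmsg(LOG_INFO, "dropping root privileges");
    /* groups first, UID last: setgid()/initgroups() need root */
    if (pw == NULL ||
        initgroups(pw->pw_name, pw->pw_gid) != 0 ||
        setgid(pw->pw_gid) != 0 ||
        setuid(dropPrivilegesToUID) != 0) {
        logmsg(LOG_ERR, "unable to drop root privileges");
        exit(-1);
    }
}
```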