diff options
author | Ondrej Zajicek <santiago@crfreenet.org> | 2011-05-15 16:29:44 +0200 |
---|---|---|
committer | Ondrej Zajicek <santiago@crfreenet.org> | 2011-05-15 16:29:44 +0200 |
commit | e8b89a610443f32b901801668cbae634e13f3e68 (patch) | |
tree | ee0f68cc90ad6df6c2d44fa8a9cca2fc449c0071 /sysdep/unix | |
parent | 1bc2695744c729804af32d48ce68854cba4de8f7 (diff) | |
download | bird-e8b89a610443f32b901801668cbae634e13f3e68.tar bird-e8b89a610443f32b901801668cbae634e13f3e68.zip |
Update and document the privilege restriction.
Diffstat (limited to 'sysdep/unix')
-rw-r--r-- | sysdep/unix/main.c | 47 |
1 files changed, 32 insertions, 15 deletions
diff --git a/sysdep/unix/main.c b/sysdep/unix/main.c index 744062b..610d207 100644 --- a/sysdep/unix/main.c +++ b/sysdep/unix/main.c @@ -383,7 +383,7 @@ cli_connect(sock *s, int size UNUSED) } static void -cli_init_unix(void) +cli_init_unix(uid_t use_uid, gid_t use_gid) { sock *s; @@ -393,6 +393,13 @@ cli_init_unix(void) s->rx_hook = cli_connect; s->rbsize = 1024; sk_open_unix(s, path_control_socket); + + if (use_uid || use_gid) + if (chown(path_control_socket, use_uid, use_gid) < 0) + die("chown: %m"); + + if (chmod(path_control_socket, 0660) < 0) + die("chmod: %m"); } /* @@ -503,9 +510,13 @@ get_uid(const char *s) { struct passwd *pw; char *endptr; - + long int rv; + + if (!s) + return 0; + errno = 0; - long int rv = strtol(s, &endptr, 10); + rv = strtol(s, &endptr, 10); if (!errno && !*endptr) return rv; @@ -522,9 +533,13 @@ get_gid(const char *s) { struct group *gr; char *endptr; + long int rv; + + if (!s) + return 0; errno = 0; - long int rv = strtol(s, &endptr, 10); + rv = strtol(s, &endptr, 10); if (!errno && !*endptr) return rv; @@ -601,24 +616,26 @@ main(int argc, char **argv) log_init_debug(""); log_switch(debug_flag, NULL, NULL); - if (use_group) - drop_gid(get_gid(use_group)); - - if (use_user) - drop_uid(get_uid(use_user)); - - if (!parse_and_exit) - test_old_bird(path_control_socket); - - DBG("Initializing.\n"); resource_init(); olock_init(); io_init(); rt_init(); if_init(); + uid_t use_uid = get_uid(use_user); + gid_t use_gid = get_gid(use_group); + if (!parse_and_exit) - cli_init_unix(); + { + test_old_bird(path_control_socket); + cli_init_unix(use_uid, use_gid); + } + + if (use_gid) + drop_gid(use_gid); + + if (use_uid) + drop_uid(use_uid); protos_build(); proto_build(&proto_unix_kernel); |