authorlns <matzeton@googlemail.com>2018-04-26 15:31:31 +0200
committerlns <matzeton@googlemail.com>2018-04-26 15:31:31 +0200
commitdc8d50bd8d382505ca7a34d501097ce7c181803b (patch)
tree718f995e2fc730e406fad2c616d4e4e8d41cc4f2
parentd05358d2667d5b55a1bec36d051d95c06a3c7536 (diff)
POTD skeleton #30.
Signed-off-by: lns <matzeton@googlemail.com>
-rw-r--r--src/main.c5
-rw-r--r--src/utils.c26
2 files changed, 29 insertions, 2 deletions
diff --git a/src/main.c b/src/main.c
index ea26db3..0f09095 100644
--- a/src/main.c
+++ b/src/main.c
@@ -92,8 +92,9 @@ int main(int argc, char *argv[])
D2("Server epoll fd: %d", epoll_fd);
ABORT_ON_FATAL( epoll_fd < 0, "Server epoll setup" );
- ABORT_ON_FATAL( setgid(65534), "Change group" );
- ABORT_ON_FATAL( setuid(65534), "Change user" );
+ D2("Server dropping privileges to %s:%s", "nobody", "NULL");
+ ABORT_ON_FATAL( change_user_group("nobody", NULL),
+ "Server dropping privileges" );
N("%s", "Server epoll mainloop");
ABORT_ON_FATAL( server_mainloop_epoll( epoll_fd, srv, srv_siz ),
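Review bot: The account name is written out twice, once in the `D2` message and once in `change_user_group("nobody", NULL)`, and the message prints the literal text "NULL" for the group, so the log can drift from what is actually applied. A single named constant used by both lines would keep them in step, and the message could say that the account's primary group is used. `nobody` is commonly shared by unrelated daemons, so processes running under it are not isolated from one another; a dedicated unprivileged account would be a tighter target for the drop, if the deployment allows one. The body of main starts and ends outside this hunk.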
diff --git a/src/utils.c b/src/utils.c
index 996a8a7..ada3c13 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -5,6 +5,8 @@
#include <stdarg.h>
#include <fcntl.h>
#include <signal.h>
+#include <pwd.h>
+#include <grp.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/wait.h>
@@ -153,6 +155,8 @@ int redirect_devnull_to(int fds, ...)
if (null_fd < 0)
null_fd = open("/dev/null", O_RDWR);
+ if (null_fd < 0)
+ return -1;
assert(null_fd >= 0);
va_start(ap, fds);
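Review bot: The `assert(null_fd >= 0);` kept below the new check can no longer fire, because the added `return -1` already handles a failed `open`; it can be removed. The early return is the right fix, since an assert compiles away under NDEBUG. This path reports failure as -1 while change_user_group in the same file returns 1, so a caller testing `< 0` would miss one of them; settling on one convention and stating it in a header comment would help. The body of redirect_devnull_to continues outside this hunk.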
@@ -169,5 +173,27 @@ int redirect_devnull_to(int fds, ...)
int change_user_group(const char *user, const char *group)
{
+ struct passwd *pwd = NULL;
+ struct group *grp = NULL;
+ gid_t gid;
+
+ pwd = getpwnam(user);
+ if (!pwd)
+ return 1;
+
+ if (!group) {
+ gid = pwd->pw_gid;
+ } else {
+ grp = getgrnam(group);
+ if (!grp)
+ return 1;
+ gid = grp->gr_gid;
+ }
+
+ if (setregid(gid, gid))
+ return 1;
+ if (setreuid(pwd->pw_uid, pwd->pw_uid))
+ return 1;
+
return 0;
}
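Review bot: Supplementary groups are never reset in change_user_group, so after `setregid`/`setreuid` the process still carries the group list it was started with, typically root's. While still privileged, before the `setregid` call, add `if (setgroups(1, &gid)) return 1;` (or `initgroups(user, gid)` if the target account's own groups are wanted); `<grp.h>` is already included by this commit. `getpwnam(user)` is also reached without a NULL check on `user`, so `if (!user) return 1;` at the top would be a cheap guard. A one-line comment stating that the group must be changed before the user, because the gid can no longer be set once the uid is dropped, would document why the order matters.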