Use the host compiler for build tool c-ify.
diff --git
a/conv.c
b/conv.c
index
4ff95ae
..
e1ff414
100644
(file)
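--- a/conv.c
+++ b/conv.c
@@ -1,5 +1,5 @@
 /* darkstat 3
- * copyright (c) 2001-2011 Emil Mikulic.
+ * copyright (c) 2001-2014 Emil Mikulic.
 *
 * conv.c: convenience functions.
 *
@@ -24,13 +24,14 @@
 #include "err.h"
 #include <errno.h>
 #include <fcntl.h>
+#include <grp.h>
+#include <limits.h>
 #include <pwd.h>
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #include <unistd.h>
-#include <limits.h>
 #define PATH_DEVNULL "/dev/null"
@@ -288,9 +289,7 @@ daemonize_finish(void)
 * For security, chroot (optionally) and drop privileges.
 * Pass a NULL chroot_dir to disable chroot() behaviour.
 */
-void
-privdrop(const char *chroot_dir, const char *privdrop_user)
-{
+void privdrop(const char *chroot_dir, const char *privdrop_user) {
 struct passwd *pw;
 errno = 0;
@@ -302,7 +301,9 @@ privdrop(const char *chroot_dir, const char *privdrop_user)
 else
 err(1, "getpwnam(\"%s\") failed", privdrop_user);
 }
- if (chroot_dir != NULL) {
+ if (chroot_dir == NULL) {
+ verbosef("no --chroot dir specified, darkstat will not chroot()");
+ } else {
 tzset(); /* read /etc/localtime before we chroot */
 if (chdir(chroot_dir) == -1)
 err(1, "chdir(\"%s\") failed", chroot_dir);
@@ -310,6 +311,12 @@ privdrop(const char *chroot_dir, const char *privdrop_user)
 err(1, "chroot(\"%s\") failed", chroot_dir);
 verbosef("chrooted into: %s", chroot_dir);
 }
+ {
+ gid_t list[1];
+ list[0] = pw->pw_gid;
+ if (setgroups(1, list) == -1)
+ err(1, "setgroups");
+ }
 if (setgid(pw->pw_gid) == -1)
 err(1, "setgid");
 if (setuid(pw->pw_uid) == -1)
@@ -344,3 +351,5 @@ fd_set_block(const int fd)
 err(1, "fcntl(fd %d) to unset O_NONBLOCK", fd);
 assert( (fcntl(fd, F_GETFL, 0) & O_NONBLOCK ) == 0 );
 }
+
+/* vim:set ts=3 sw=3 tw=78 expandtab: */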
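Review bot: In the last privdrop hunk, setgroups(), setgid() and setuid() are each checked for -1, but nothing in the visible lines confirms afterwards that the process really ended up unprivileged; a `privdrop_user` whose passwd entry carries uid or gid 0 passes all three checks and keeps root. Consider a post-drop check such as `if (getuid() == 0 || geteuid() == 0 || getgid() == 0) errx(1, "still root after privdrop");`, unless the function's tail, which lies outside the hunk, already does this. The new anonymous block would also benefit from a comment like `/* clear supplementary groups while still root; must precede setgid()/setuid() */`, because the call order is what makes the drop complete. The `chroot_dir == NULL` branch reports only through `verbosef`, so an unchrooted start may go unnoticed at default verbosity; this is inferred, since verbosef's threshold is not shown here.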