Package: sl-modem / 2.9.11~20110321-11

10_drop_privileges.diff Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
slmodemd privilege dropping patch.
By: Ian Jackson, Ubuntu.
Index: slmodem-2.9.11-20080817/modem/modem_main.c
===================================================================
--- slmodem-2.9.11-20080817.orig/modem/modem_main.c	2008-09-18 08:19:43.000000000 +0200
+++ slmodem-2.9.11-20080817/modem/modem_main.c	2008-09-18 08:20:24.000000000 +0200
@@ -57,6 +57,7 @@
 #include <signal.h>
 #include <limits.h>
 #include <grp.h>
+#include <pwd.h>
 
 #ifdef SUPPORT_ALSA
 #define ALSA_PCM_NEW_HW_PARAMS_API 1
@@ -76,6 +77,8 @@
 #define DBG(fmt,args...) dprintf("main: " fmt, ##args)
 
 
+#define SLMODEMD_USER "Slmodemd"
+
 #define CLOSE_COUNT_MAX 100
 
 
@@ -936,6 +939,7 @@
 	struct modem *m;
 	int pty;
 	int ret = 0;
+	struct passwd *pwd;
 
 	modem_debug_init(basename(dev_name));
 
@@ -984,6 +988,30 @@
 	signal(SIGINT, mark_termination);
 	signal(SIGTERM, mark_termination);
 
+#ifdef SLMODEMD_USER
+	pwd = getpwnam(SLMODEMD_USER);
+	if (!pwd) {
+		ERR("getpwnam " SLMODEMD_USER ": %s\n",strerror(errno));
+		exit(-1);
+	}
+
+	ret = (setgroups(1,&pwd->pw_gid) ||
+	       setgid(pwd->pw_gid) ||
+	       setuid(pwd->pw_uid));
+	if (ret) {
+		ERR("setgroups or setgid %ld or setuid %ld failed: %s\n",
+		    (long)pwd->pw_gid,(long)pwd->pw_uid,strerror(errno));
+		exit(-1);
+	}
+
+	if (setuid(0) != -1) {
+		ERR("setuid 0 succeeded after dropping privileges!\n");
+		exit(-1);
+	}
+	DBG("dropped privileges to %ld.%ld\n",
+	    (long)pwd->pw_gid,(long)pwd->pw_uid);
+#endif
+
 	INFO("Use `%s' as modem device, Ctrl+C for termination.\n",
 	     *link_name ? link_name : m->pty_name);