changeset 48:5ef10dc14457
properly drop root privs
author | carl |
---|---|
date | Fri, 09 Jul 2004 13:57:59 -0700 |
parents | 71252053d258 |
children | 4f9e3dc55d38 |
files | ChangeLog src/dnsbl.cpp |
diffstat | 2 files changed, 22 insertions(+), 16 deletions(-) [+] |
--- a/ChangeLog Fri Jul 09 08:33:59 2004 -0700 +++ b/ChangeLog Fri Jul 09 13:57:59 2004 -0700 @@ -1,5 +1,9 @@ $Id$ +3.3 2004-07-09 + Drop root priviledges properly, including the group id. + + 3.2 2004-07-09 Contributions from John Gunkel <jgunkel@palliser.ca>:
--- a/src/dnsbl.cpp Fri Jul 09 08:33:59 2004 -0700
+++ b/src/dnsbl.cpp Fri Jul 09 13:57:59 2004 -0700
@@ -1412,21 +1412,6 @@
 exit(EX_UNAVAILABLE);
 }
- // initialize the thread sync objects
- pthread_mutex_init(&config_mutex, 0);
- pthread_mutex_init(&syslog_mutex, 0);
- pthread_mutex_init(&resolve_mutex, 0);
-
- // load the initial config
- config = new_conf();
-
- // only create threads after the fork() in daemon
- pthread_t tid;
- if (pthread_create(&tid, 0, config_loader, 0))
- my_syslog("failed to create config loader thread");
- if (pthread_detach(tid))
- my_syslog("failed to detach config loader thread");
-
 // write the pid
 const char *pidpath = "/var/run/dnsbl.pid";
 unlink(pidpath);
@@ -1452,11 +1437,29 @@
 // drop root privs
 struct passwd *pw = getpwnam("dnsbl");
 if (pw) {
+ if (setgid(pw->pw_gid) == -1) {
+ my_syslog("failed to switch to group dnsbl");
+ }
 if (setuid(pw->pw_uid) == -1) {
 my_syslog("failed to switch to user dnsbl");
 }
 }
+ // initialize the thread sync objects
+ pthread_mutex_init(&config_mutex, 0);
+ pthread_mutex_init(&syslog_mutex, 0);
+ pthread_mutex_init(&resolve_mutex, 0);
+
+ // load the initial config
+ config = new_conf();
+
+ // only create threads after the fork() in daemon
+ pthread_t tid;
+ if (pthread_create(&tid, 0, config_loader, 0))
+ my_syslog("failed to create config loader thread");
+ if (pthread_detach(tid))
+ my_syslog("failed to detach config loader thread");
+
 time_t starting = time(NULL);
 int rc = smfi_main();
 if ((rc != MI_SUCCESS) && (time(NULL) > starting+5*60)) {
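Review bot: A failed `setgid()` or `setuid()` in the drop-root block is only logged, so the daemon continues into `smfi_main()` with root's uid or gid, and a missing `dnsbl` account skips the drop without any message. Root's supplementary groups also survive, because nothing calls `initgroups()` or `setgroups()` before `setgid()`. I would clear the groups first and exit on any failure, as below; these calls fail when the process is not root, so confirm the daemon is never started unprivileged before making them fatal. Separately, `pthread_mutex_init(&syslog_mutex, 0)` now runs after these `my_syslog()` calls, which matters if `my_syslog()` locks that mutex (its body is not in the hunk). The enclosing function starts and ends outside the hunk.

```cpp
    struct passwd *pw = getpwnam("dnsbl");
    if (pw) {
        // clear root's supplementary groups before changing gid/uid
        if (initgroups(pw->pw_name, pw->pw_gid) == -1) {
            my_syslog("failed to set supplementary groups for dnsbl");
            exit(EX_UNAVAILABLE);
        }
        if (setgid(pw->pw_gid) == -1) {
            my_syslog("failed to switch to group dnsbl");
            exit(EX_UNAVAILABLE);
        }
        if (setuid(pw->pw_uid) == -1) {
            my_syslog("failed to switch to user dnsbl");
            exit(EX_UNAVAILABLE);
        }
    }
    // … unchanged: mutex init, config load, config loader thread …
```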