drop_privileges.c File Reference

Basic support to drop privileges. More...

#include "drop_privileges.h"
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

Include dependency graph for drop_privileges.c:

Go to the source code of this file.

Macros
#define	G_LOG_DOMAIN   "libgvm base"
	GLib log domain.

Functions
static gint	drop_privileges_error (GError **error, gint errorcode, const gchar *message)
	Sets an error and return errorcode.
int	drop_privileges (gchar *username, GError **error)
	Drop privileges.

Detailed Description

Basic support to drop privileges.

Definition in file drop_privileges.c.

Macro Definition Documentation

G_LOG_DOMAIN

#define G_LOG_DOMAIN   "libgvm base"

GLib log domain.

Definition at line 22 of file drop_privileges.c.

Function Documentation

drop_privileges()

int drop_privileges	(	gchar *	username,
		GError **	error )

Drop privileges.

We try to drop our (root) privileges and setuid to username to minimize the risk of privilege escalation. The current implementation is linux-specific and may not work on other platforms.

Parameters

[in]	username	The user to become. Its safe to pass "NULL", in which case it will default to "nobody".
[out]	error	Return location for errors or NULL if not interested in errors.

Returns

GVM_DROP_PRIVILEGES_OK in case of success. Sets error otherwise and returns the error code.

Definition at line 58 of file drop_privileges.c.

{
  g_return_val_if_fail (*error == NULL, GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET);
 
  if (username == NULL)
    username = "nobody";
 
  if (geteuid () == 0)
    {
      struct passwd *user_pw;
 
      user_pw = getpwnam (username);
      if (user_pw)
        {
          if (initgroups (username, user_pw->pw_gid) != 0)
            return drop_privileges_error (
              error, GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY,
              "Failed to drop supplementary groups privileges!\n");
          if (setgid (user_pw->pw_gid) != 0)
            return drop_privileges_error (error,
                                          GVM_DROP_PRIVILEGES_FAIL_DROP_GID,
                                          "Failed to drop group privileges!\n");
          if (setuid (user_pw->pw_uid) != 0)
            return drop_privileges_error (error,
                                          GVM_DROP_PRIVILEGES_FAIL_DROP_UID,
                                          "Failed to drop user privileges!\n");
        }
      else
        {
          g_set_error (error, GVM_DROP_PRIVILEGES,
                       GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER,
                       "Failed to get gid and uid for user %s.", username);
          return GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER;
        }
      return GVM_DROP_PRIVILEGES_OK;
    }
  else
    {
      return drop_privileges_error (error, GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT,
                                    "Only root can drop its privileges.");
    }
}

References drop_privileges_error(), GVM_DROP_PRIVILEGES, GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET, GVM_DROP_PRIVILEGES_FAIL_DROP_GID, GVM_DROP_PRIVILEGES_FAIL_DROP_UID, GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT, GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY, GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER, and GVM_DROP_PRIVILEGES_OK.

Here is the call graph for this function:

drop_privileges_error()

gint drop_privileges_error ( GError ** error, gint errorcode, const gchar * message )

static

Sets an error and return errorcode.

Parameters

error	Error to set.
errorcode	Errorcode (possible values defined in drop_privileges.h), will be returned.
message	Message to attach to the error.

Returns

errorcode

Definition at line 35 of file drop_privileges.c.

{
  g_set_error (error, GVM_DROP_PRIVILEGES, errorcode, "%s", message);
  return errorcode;
}

References GVM_DROP_PRIVILEGES.

Referenced by drop_privileges().

Here is the caller graph for this function: