From 4722d3bac43062a9213a08ed2435b8ef9b426789 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann
Date: Tue, 4 Jun 2013 10:52:34 +0200
Subject: privs: move drop_privileges out of xutils

Again, also to be able to maintain this more easily.

Signed-off-by: Daniel Borkmann
---
 netsniff-ng.c | 1 +
 netsniff-ng/Makefile | 1 +
 privs.c | 19 +++++++++++++++++++
 privs.h | 8 ++++++++
 trafgen.c | 1 +
 trafgen/Makefile | 1 +
 xutils.c | 14 --------------
 xutils.h | 1 -
 8 files changed, 31 insertions(+), 15 deletions(-)
 create mode 100644 privs.c
 create mode 100644 privs.h

diff --git a/netsniff-ng.c b/netsniff-ng.c
index b0b6f51..f20ebe0 100644
--- a/netsniff-ng.c
+++ b/netsniff-ng.c
@@ -30,6 +30,7 @@
 #include "promisc.h"
 #include "built_in.h"
 #include "pcap_io.h"
+#include "privs.h"
 #include "bpf.h"
 #include "ioops.h"
 #include "die.h"
diff --git a/netsniff-ng/Makefile b/netsniff-ng/Makefile
index 11467c9..23d7b5d 100644
--- a/netsniff-ng/Makefile
+++ b/netsniff-ng/Makefile
@@ -33,6 +33,7 @@ netsniff-ng-objs = dissector.o \
 proto_mpls_unicast.o \
 proto_80211_mac_hdr.o \
 promisc.o \
+ privs.o \
 dev.o \
 str.o \
 irq.o \
diff --git a/privs.c b/privs.c
new file mode 100644
index 0000000..ac4ad25
--- /dev/null
+++ b/privs.c
@@ -0,0 +1,19 @@
+#include
+#include
+
+#include "privs.h"
+#include "die.h"
+
+void drop_privileges(bool enforce, uid_t uid, gid_t gid)
+{
+ if (enforce) {
+ if (uid == getuid())
+ panic("Uid cannot be the same as the current user!\n");
+ if (gid == getgid())
+ panic("Gid cannot be the same as the current user!\n");
+ }
+ if (setgid(gid) != 0)
+ panic("Unable to drop group privileges: %s!\n", strerror(errno));
+ if (setuid(uid) != 0)
+ panic("Unable to drop user privileges: %s!\n", strerror(errno));
+}
diff --git a/privs.h b/privs.h
new file mode 100644
index 0000000..9f9cfdd
--- /dev/null
+++ b/privs.h
@@ -0,0 +1,8 @@
+#ifndef PRIVS_H
+#define PRIVS_H
+
+#include
+
+extern void drop_privileges(bool enforce, uid_t uid, gid_t gid);
+
+#endif /* PRIVS_H */
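Review bot: drop_privileges() in the new privs.c calls setgid() and then setuid() but never resets the supplementary group list, so a process started as root keeps root's supplementary groups after the drop. Before the setgid() call I would add `if (geteuid() == 0 && setgroups(1, &gid) != 0)` with `panic("Unable to drop supplementary groups: %s!\n", strerror(errno));`, which needs `<grp.h>`; the euid guard is there because setgroups() fails without CAP_SETGID and the non-enforce path may run unprivileged. The function is moved unchanged from xutils.c, so this is not introduced here, but the new file is a good place to fix it and to add a header comment such as `/* Drop gid before uid: after setuid() the process can no longer change its gid. */`.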
diff --git a/trafgen.c b/trafgen.c
index c161a1e..628e3be 100644
--- a/trafgen.c
+++ b/trafgen.c
@@ -37,6 +37,7 @@
 #include "str.h"
 #include "cpus.h"
 #include "lockme.h"
+#include "privs.h"
 #include "mac80211.h"
 #include "xutils.h"
 #include "ioops.h"
diff --git a/trafgen/Makefile b/trafgen/Makefile
index 2bb1a2f..2df9dbf 100644
--- a/trafgen/Makefile
+++ b/trafgen/Makefile
@@ -5,6 +5,7 @@ trafgen-libs = $(shell pkg-config --libs libnl-3.0) \
 trafgen-objs = xmalloc.o \
 ioops.o \
 xutils.o \
+ privs.o \
 dev.o \
 irq.o \
 str.o \
diff --git a/xutils.c b/xutils.c
index 28900cb..b1f73a4 100644
--- a/xutils.c
+++ b/xutils.c
@@ -201,20 +201,6 @@ u32 wireless_bitrate(const char *ifname)
 return rate_in_mbit;
 }
 
-void drop_privileges(bool enforce, uid_t uid, gid_t gid)
-{
- if (enforce) {
- if (uid == getuid())
- panic("Uid cannot be the same as the current user!\n");
- if (gid == getgid())
- panic("Gid cannot be the same as the current user!\n");
- }
- if (setgid(gid) != 0)
- panic("Unable to drop group privileges: %s!\n", strerror(errno));
- if (setuid(uid) != 0)
- panic("Unable to drop user privileges: %s!\n", strerror(errno));
-}
-
 int get_system_socket_mem(int which)
 {
 int fd, val = -1;
diff --git a/xutils.h b/xutils.h
index 7911110..53bdca3 100644
--- a/xutils.h
+++ b/xutils.h
@@ -33,7 +33,6 @@ extern u32 wireless_bitrate(const char *ifname);
 extern u32 ethtool_bitrate(const char *ifname);
 extern int ethtool_drvinf(const char *ifname, struct ethtool_drvinfo *drvinf);
 extern int ethtool_link(const char *ifname);
-extern void drop_privileges(bool enforce, uid_t uid, gid_t gid);
 extern void set_nonblocking(int fd);
 extern int set_nonblocking_sloppy(int fd);
 extern int set_reuseaddr(int fd);
-- 
cgit v1.2.3-54-g00ecf