summaryrefslogtreecommitdiff
path: root/privs.c
blob: ac4ad25c337b2db978b5a9e76cefc2218e7eb07f (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19

#include <unistd.h>
#include <sys/types.h>

#include "privs.h"
#include "die.h"

void drop_privileges(bool enforce, uid_t uid, gid_t gid)
{
	if (enforce) {
		if (uid == getuid())
			panic("Uid cannot be the same as the current user!\n");
		if (gid == getgid())
			panic("Gid cannot be the same as the current user!\n");
	}
	if (setgid(gid) != 0)
		panic("Unable to drop group privileges: %s!\n", strerror(errno));
	if (setuid(uid) != 0)
		panic("Unable to drop user privileges: %s!\n", strerror(errno));
}
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-11-05 10:32:14 +0000
commiteaa2bcd6d1d410a52df8c7b05e76d86c0319b7b0 (patch) treebfe420585bb687c2f58e916438aa4c8bee0a30c8 parent83170f3beccccd7ceb4f9a0ac0c4dc736afde90c (diff)
netfilter: nf_tables: validate NFTA_SET_TABLE parameter
If the NFTA_SET_TABLE parameter is missing and the NLM_F_DUMP flag is not set, then a NULL pointer dereference is triggered in nf_tables_set_lookup because ctx.table is NULL. Signed-off-by: Phil Turnbull <phil.turnbull@oracle.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat