From 1293811896219e090e48e1bc5a5a1dfdde1ee839 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 12 Oct 2013 18:25:33 +0200
Subject: [PATCH] misc-progs: Convert to right file encoding.
---
src/misc-progs/fireinfoctrl.c | 46 ++---
src/misc-progs/getconntracktable.c | 62 +++---
src/misc-progs/iowrap.c | 88 ++++----
src/misc-progs/ipfiredeath.c | 50 ++---
src/misc-progs/ipfirerebirth.c | 50 ++---
src/misc-progs/ipfirereboot.c | 234 +++++++++++-----------
src/misc-progs/setuid.c | 311 +++++++++++++++--------------
7 files changed, 421 insertions(+), 420 deletions(-)
diff --git a/src/misc-progs/fireinfoctrl.c b/src/misc-progs/fireinfoctrl.c
index 963459a2a..a026ba09d 100644
--- a/src/misc-progs/fireinfoctrl.c
+++ b/src/misc-progs/fireinfoctrl.c
@@ -1,23 +1,23 @@
-/* IPFire helper program - fireinfoctrl
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- * (c) IPFire Team, 2011
- *
- * Simple program that calls "sendprofile" as the root user.
- *
- */
-
-#include
-#include "setuid.h"
-
-int main(void)
-{
- if (!(initsetuid()))
- exit(1);
-
- safe_system("/usr/bin/sendprofile");
-
- return 0;
-}
+/* IPFire helper program - fireinfoctrl
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * (c) IPFire Team, 2011
+ *
+ * Simple program that calls "sendprofile" as the root user.
+ *
+ */
+
+#include
+#include "setuid.h"
+
+int main(void)
+{
+ if (!(initsetuid()))
+ exit(1);
+
+ safe_system("/usr/bin/sendprofile");
+
+ return 0;
+}
diff --git a/src/misc-progs/getconntracktable.c b/src/misc-progs/getconntracktable.c
index 674b211b5..78eb11ad8 100644
--- a/src/misc-progs/getconntracktable.c
+++ b/src/misc-progs/getconntracktable.c
@@ -1,31 +1,31 @@
-/* IPFire helper program - getconntracktable
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- * The kernel's connection tracking table is not readable by
- * non-root users. So this helper will just read and output it.
- */
-
-#include
-#include
-#include "setuid.h"
-
-int main(void) {
- if (!(initsetuid()))
- exit(1);
-
- FILE *fp = fopen("/proc/net/nf_conntrack", "r");
- if (fp == NULL) {
- exit(1);
- }
-
- /* Read content line by line and write it to stdout. */
- char linebuf[STRING_SIZE];
- while (fgets(linebuf, STRING_SIZE, fp)) {
- printf("%s", linebuf);
- }
-
- fclose(fp);
- return 0;
-}
+/* IPFire helper program - getconntracktable
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * The kernel's connection tracking table is not readable by
+ * non-root users. So this helper will just read and output it.
+ */
+
+#include
+#include
+#include "setuid.h"
+
+int main(void) {
+ if (!(initsetuid()))
+ exit(1);
+
+ FILE *fp = fopen("/proc/net/nf_conntrack", "r");
+ if (fp == NULL) {
+ exit(1);
+ }
+
+ /* Read content line by line and write it to stdout. */
+ char linebuf[STRING_SIZE];
+ while (fgets(linebuf, STRING_SIZE, fp)) {
+ printf("%s", linebuf);
+ }
+
+ fclose(fp);
+ return 0;
+}
diff --git a/src/misc-progs/iowrap.c b/src/misc-progs/iowrap.c
index e56203e27..115ec2a06 100644
--- a/src/misc-progs/iowrap.c
+++ b/src/misc-progs/iowrap.c
@@ -1,44 +1,44 @@
-/* SmoothWall helper program - iowrap.
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- * (c) Lawrence Manning, 2001
- * Installer helper for redirecting stdout/stderr to a file/terminal.
- * init calls ash through this program to shove it on a tty.
- *
- * $Id: iowrap.c,v 1.2 2001/11/27 15:20:50 riddles Exp $
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-
-int main(int argc, char *argv[])
-{
- /* Prog takes one argument. A device to run on (like a getty) */
- if (argc >= 2)
- {
- int fd;
-
- if ((fd = open(argv[1], O_RDWR)) == -1)
- {
- printf("Couldn't open device\n");
- return 0;
- }
- dup2(fd, 0);
- dup2(fd, 1);
- dup2(fd, 2);
- /* Now its sending/reading on that device. */
- }
-
- if (argc >= 3)
- execvp(argv[2], &argv[2]);
- else
- printf("No command\n");
-
- return 0;
-}
+/* SmoothWall helper program - iowrap.
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * (c) Lawrence Manning, 2001
+ * Installer helper for redirecting stdout/stderr to a file/terminal.
+ * init calls ash through this program to shove it on a tty.
+ *
+ * $Id: iowrap.c,v 1.2 2001/11/27 15:20:50 riddles Exp $
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+
+int main(int argc, char *argv[])
+{
+ /* Prog takes one argument. A device to run on (like a getty) */
+ if (argc >= 2)
+ {
+ int fd;
+
+ if ((fd = open(argv[1], O_RDWR)) == -1)
+ {
+ printf("Couldn't open device\n");
+ return 0;
+ }
+ dup2(fd, 0);
+ dup2(fd, 1);
+ dup2(fd, 2);
+ /* Now its sending/reading on that device. */
+ }
+
+ if (argc >= 3)
+ execvp(argv[2], &argv[2]);
+ else
+ printf("No command\n");
+
+ return 0;
+}
diff --git a/src/misc-progs/ipfiredeath.c b/src/misc-progs/ipfiredeath.c
index 9115b4f8f..8a13fa60a 100644
--- a/src/misc-progs/ipfiredeath.c
+++ b/src/misc-progs/ipfiredeath.c
@@ -1,25 +1,25 @@
-/* SmoothWall helper program - smoothiedeath
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- * (c) Lawrence Manning, 2001
- * Simple program intended to be installed setuid(0) that can be used for
- * starting shutdown.
- *
- * $Id: ipcopdeath.c,v 1.2 2003/12/11 10:57:34 riddles Exp $
- *
- */
-
-#include
-#include "setuid.h"
-
-int main(void)
-{
- if (!(initsetuid()))
- exit(1);
-
- safe_system("/sbin/shutdown -h now");
-
- return 0;
-}
+/* SmoothWall helper program - smoothiedeath
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * (c) Lawrence Manning, 2001
+ * Simple program intended to be installed setuid(0) that can be used for
+ * starting shutdown.
+ *
+ * $Id: ipcopdeath.c,v 1.2 2003/12/11 10:57:34 riddles Exp $
+ *
+ */
+
+#include
+#include "setuid.h"
+
+int main(void)
+{
+ if (!(initsetuid()))
+ exit(1);
+
+ safe_system("/sbin/shutdown -h now");
+
+ return 0;
+}
diff --git a/src/misc-progs/ipfirerebirth.c b/src/misc-progs/ipfirerebirth.c
index dd7988e18..10230c3e1 100644
--- a/src/misc-progs/ipfirerebirth.c
+++ b/src/misc-progs/ipfirerebirth.c
@@ -1,25 +1,25 @@
-/* SmoothWall helper program - smoothierebirth
- *
- * This program is distributed under the terms of the GNU General Public
- * Licence. See the file COPYING for details.
- *
- * (c) Lawrence Manning, 2001
- * Simple program intended to be installed setuid(0) that can be used for
- * starting reboot.
- *
- * $Id: ipcoprebirth.c,v 1.2 2003/12/11 10:57:34 riddles Exp $
- *
- */
-
-#include
-#include "setuid.h"
-
-int main(void)
-{
- if (!(initsetuid()))
- exit(1);
-
- safe_system("/sbin/shutdown -r now");
-
- return 0;
-}
+/* SmoothWall helper program - smoothierebirth
+ *
+ * This program is distributed under the terms of the GNU General Public
+ * Licence. See the file COPYING for details.
+ *
+ * (c) Lawrence Manning, 2001
+ * Simple program intended to be installed setuid(0) that can be used for
+ * starting reboot.
+ *
+ * $Id: ipcoprebirth.c,v 1.2 2003/12/11 10:57:34 riddles Exp $
+ *
+ */
+
+#include
+#include "setuid.h"
+
+int main(void)
+{
+ if (!(initsetuid()))
+ exit(1);
+
+ safe_system("/sbin/shutdown -r now");
+
+ return 0;
+}
diff --git a/src/misc-progs/ipfirereboot.c b/src/misc-progs/ipfirereboot.c
index 05dddaf24..5e758791c 100644
--- a/src/misc-progs/ipfirereboot.c
+++ b/src/misc-progs/ipfirereboot.c
@@ -1,117 +1,117 @@
-/*
- * This file is part of the IPCop Firewall.
- *
- * IPCop is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * IPCop is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with IPCop; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Copyright (C) 2005-10-25 Franck Bourdonnec
- *
- * $Id: ipcopreboot.c,v 1.1.2.2 2005/10/24 23:05:50 franck78 Exp $
- *
- */
-
-#include
-#include
-#include
-#include "setuid.h"
-
-
-/* define operations */
-#define OP_REBOOT "boot"
-#define OP_REBOOT_FS "bootfs" // add filesystem check option (not yet in GUI)
-#define OP_SHUTDOWN "down"
-#define OP_SCHEDULE_ADD "cron+"
-#define OP_SCHEDULE_REM "cron-"
-#define OP_SCHEDULE_GET "cron?"
-
-int main(int argc, char**argv)
-{
-
- if (!(initsetuid()))
- return 1;
-
- // Check what command is asked
- if (argc==1)
- {
- fprintf (stderr, "Missing reboot command!\n");
- return 1;
- }
-
- if (argc==2 && strcmp(argv[1], OP_SHUTDOWN)==0)
- {
- safe_system("/sbin/shutdown -h now");
- return 0;
- }
-
- if (argc==2 && strcmp(argv[1], OP_REBOOT)==0)
- {
- safe_system("/sbin/shutdown -r now");
- return 0;
- }
-
- if (argc==2 && strcmp(argv[1], OP_REBOOT_FS)==0)
- {
- safe_system("/sbin/shutdown -F -r now");
- return 0;
- }
-
- // output schedule to stdout
- if (argc==2 && strcmp(argv[1], OP_SCHEDULE_GET)==0)
- {
- safe_system("/bin/grep /sbin/shutdown /var/spool/cron/root.orig");
- return 0;
- }
-
- if (argc==2 && strcmp(argv[1], OP_SCHEDULE_REM)==0)
- {
- safe_system("/usr/bin/perl -i -p -e 's/^.*\\/sbin\\/shutdown.*$//s' /var/spool/cron/root.orig");
- safe_system("/usr/bin/fcrontab -u root -z");
- return 0;
- }
-
- if (argc==6 && strcmp(argv[1], OP_SCHEDULE_ADD)==0)
- {
- // check args
- if (!( strlen(argv[2])<3 &&
- strspn(argv[2], "0123456789") == strlen (argv[2]) &&
- strlen(argv[3])<3 &&
- strspn(argv[3], "0123456789") == strlen (argv[3]) &&
- strlen(argv[4])<14 &&
- strspn(argv[4], "1234567,*") == strlen (argv[4]) &&
- ((strcmp(argv[5], "-r")==0) || //reboot
- (strcmp(argv[5], "-h")==0)) ) //hangup
- ) {
- fprintf (stderr, "Bad cron+ parameters!\n");
- return 1;
- }
-
- // remove old entry
- safe_system("/usr/bin/perl -i -p -e 's/^.*\\/sbin\\/shutdown.*$//s' /var/spool/cron/root.orig");
-
- // add new entry
- FILE *fd = NULL;
- if ((fd = fopen("/var/spool/cron/root.orig", "a")))
- {
- fprintf (fd,"%s %s * * %s /sbin/shutdown %s 1\n",argv[2],argv[3],argv[4],argv[5]);
- fclose (fd);
- }
-
- // inform cron
- safe_system("/usr/bin/fcrontab -u root -z");
- return 0;
- }
-
- fprintf (stderr, "Bad reboot command!\n");
- return 1;
-}
+/*
+ * This file is part of the IPCop Firewall.
+ *
+ * IPCop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * IPCop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with IPCop; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Copyright (C) 2005-10-25 Franck Bourdonnec
+ *
+ * $Id: ipcopreboot.c,v 1.1.2.2 2005/10/24 23:05:50 franck78 Exp $
+ *
+ */
+
+#include
+#include
+#include
+#include "setuid.h"
+
+
+/* define operations */
+#define OP_REBOOT "boot"
+#define OP_REBOOT_FS "bootfs" // add filesystem check option (not yet in GUI)
+#define OP_SHUTDOWN "down"
+#define OP_SCHEDULE_ADD "cron+"
+#define OP_SCHEDULE_REM "cron-"
+#define OP_SCHEDULE_GET "cron?"
+
+int main(int argc, char**argv)
+{
+
+ if (!(initsetuid()))
+ return 1;
+
+ // Check what command is asked
+ if (argc==1)
+ {
+ fprintf (stderr, "Missing reboot command!\n");
+ return 1;
+ }
+
+ if (argc==2 && strcmp(argv[1], OP_SHUTDOWN)==0)
+ {
+ safe_system("/sbin/shutdown -h now");
+ return 0;
+ }
+
+ if (argc==2 && strcmp(argv[1], OP_REBOOT)==0)
+ {
+ safe_system("/sbin/shutdown -r now");
+ return 0;
+ }
+
+ if (argc==2 && strcmp(argv[1], OP_REBOOT_FS)==0)
+ {
+ safe_system("/sbin/shutdown -F -r now");
+ return 0;
+ }
+
+ // output schedule to stdout
+ if (argc==2 && strcmp(argv[1], OP_SCHEDULE_GET)==0)
+ {
+ safe_system("/bin/grep /sbin/shutdown /var/spool/cron/root.orig");
+ return 0;
+ }
+
+ if (argc==2 && strcmp(argv[1], OP_SCHEDULE_REM)==0)
+ {
+ safe_system("/usr/bin/perl -i -p -e 's/^.*\\/sbin\\/shutdown.*$//s' /var/spool/cron/root.orig");
+ safe_system("/usr/bin/fcrontab -u root -z");
+ return 0;
+ }
+
+ if (argc==6 && strcmp(argv[1], OP_SCHEDULE_ADD)==0)
+ {
+ // check args
+ if (!( strlen(argv[2])<3 &&
+ strspn(argv[2], "0123456789") == strlen (argv[2]) &&
+ strlen(argv[3])<3 &&
+ strspn(argv[3], "0123456789") == strlen (argv[3]) &&
+ strlen(argv[4])<14 &&
+ strspn(argv[4], "1234567,*") == strlen (argv[4]) &&
+ ((strcmp(argv[5], "-r")==0) || //reboot
+ (strcmp(argv[5], "-h")==0)) ) //hangup
+ ) {
+ fprintf (stderr, "Bad cron+ parameters!\n");
+ return 1;
+ }
+
+ // remove old entry
+ safe_system("/usr/bin/perl -i -p -e 's/^.*\\/sbin\\/shutdown.*$//s' /var/spool/cron/root.orig");
+
+ // add new entry
+ FILE *fd = NULL;
+ if ((fd = fopen("/var/spool/cron/root.orig", "a")))
+ {
+ fprintf (fd,"%s %s * * %s /sbin/shutdown %s 1\n",argv[2],argv[3],argv[4],argv[5]);
+ fclose (fd);
+ }
+
+ // inform cron
+ safe_system("/usr/bin/fcrontab -u root -z");
+ return 0;
+ }
+
+ fprintf (stderr, "Bad reboot command!\n");
+ return 1;
+}
diff --git a/src/misc-progs/setuid.c b/src/misc-progs/setuid.c
index b1e124cbc..72ce994d2 100644
--- a/src/misc-progs/setuid.c
+++ b/src/misc-progs/setuid.c 
@@ -1,155 +1,156 @@
-/* This file is part of the IPCop Firewall.
- *
- * IPCop is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * IPCop is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with IPCop; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
- *
- * Copyright (C) 2003-04-22 Robert Kerr
- *
- * $Id: setuid.c,v 1.2.2.1 2005/11/18 14:51:43 franck78 Exp $
- *
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include "setuid.h"
-
-#ifndef OPEN_MAX
-#define OPEN_MAX 256
-#endif
-
-/* Trusted environment for executing commands */
-char * trusted_env[4]={
- "PATH=/usr/bin:/usr/sbin:/sbin:/bin",
- "SHELL=/bin/sh",
- "TERM=dumb",
- NULL};
-
-/* Spawns a child process that uses /bin/sh to interpret a command.
- * This is much the same in use and purpose as system(), yet as it uses execve
- * to pass a trusted environment it's immune to attacks based upon changing
- * IFS, ENV, BASH_ENV and other such variables.
- * Note this does NOT guard against any other attacks, inparticular you MUST
- * validate the command you are passing. If the command is formed from user
- * input be sure to check this input is what you expect. Nasty things can
- * happen if a user can inject ; or `` into your command for example */
-int safe_system(char* command)
-{
- return system_core( command, 0, 0, "safe_system" );
-}
-
-/* Much like safe_system but lets you specify a non-root uid and gid to run
- * the command as */
-int unpriv_system(char* command, uid_t uid, gid_t gid)
-{
- return system_core(command, uid, gid, "unpriv_system" );
-}
-
-int system_core(char* command, uid_t uid, gid_t gid, char *error)
-{
- int pid, status;
-
- if(!command)
- return 1;
-
- switch( pid = fork() )
- {
- case -1:
- return -1;
- case 0: /* child */
- {
- char * argv[4];
- if (gid && setgid(gid))
- {
- fprintf(stderr, "%s: ", error);
- perror("Couldn't setgid");
- exit(127);
- }
- if (uid && setuid(uid))
- {
- fprintf(stderr, "%s: ", error);
- perror("Couldn't setuid");
- exit(127);
- }
- argv[0] = "sh";
- argv[1] = "-c";
- argv[2] = command;
- argv[3] = NULL;
- execve("/bin/sh", argv, trusted_env);
- fprintf(stderr, "%s: ", error);
- perror("execve failed");
- exit(127);
- }
- default: /* parent */
- do {
- if( waitpid(pid, &status, 0) == -1 ) {
- if( errno != EINTR )
- return -1;
- } else
- return status;
- } while (1);
- }
-
-}
-
-/* General routine to initialise a setuid root program, and put the
- * environment in a known state. Returns 1 on success, if initsetuid() returns
- * 0 then you should exit(1) immediately, DON'T attempt to recover from the
- * error */
-int initsetuid(void)
-{
- int fds,i;
- struct stat st;
- struct rlimit rlim;
-
- /* Prevent signal tricks by ignoring all except SIGKILL and SIGCHILD */
- for( i = 0; i < NSIG; i++ ) {
- if( i != SIGKILL && i != SIGCHLD )
- signal(i, SIG_IGN);
- }
-
- /* dump all non-standard file descriptors (a full descriptor table could
- * lead to DoS by preventing us opening files) */
- if ((fds = getdtablesize()) == -1) fds = OPEN_MAX;
- for( i = 3; i < fds; i++ ) close(i);
-
- /* check stdin, stdout & stderr are open before going any further */
- for( i = 0; i < 3; i++ )
- if( fstat(i, &st) == -1 && ((errno != EBADF) || (close(i), open("/dev/null", O_RDWR, 0)) != i ))
- return 0;
-
- /* disable core dumps in case we're processing sensitive information */
- rlim.rlim_cur = rlim.rlim_max = 0;
- if(setrlimit(RLIMIT_CORE, &rlim))
- { perror("Couldn't disable core dumps"); return 0; }
-
- /* drop any supplementary groups, set uid & gid to root */
- if (setgroups(0, NULL)) { perror("Couldn't clear group list"); return 0; }
- if (setgid(0)) { perror("Couldn't setgid(0)"); return 0; }
- if (setuid(0)) { perror("Couldn't setuid(0)"); return 0; }
-
- return 1;
-}
+/* This file is part of the IPCop Firewall.
+ *
+ * IPCop is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * IPCop is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with IPCop; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ * Copyright (C) 2003-04-22 Robert Kerr
+ *
+ * $Id: setuid.c,v 1.2.2.1 2005/11/18 14:51:43 franck78 Exp $
+ *
+ */
+
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include "setuid.h"
+
+#ifndef OPEN_MAX
+#define OPEN_MAX 256
+#endif
+
+/* Trusted environment for executing commands */
+char * trusted_env[4] = {
+ "PATH=/usr/bin:/usr/sbin:/sbin:/bin",
+ "SHELL=/bin/sh",
+ "TERM=dumb",
+ NULL
+};
+
+/* Spawns a child process that uses /bin/sh to interpret a command.
+ * This is much the same in use and purpose as system(), yet as it uses execve
+ * to pass a trusted environment it's immune to attacks based upon changing
+ * IFS, ENV, BASH_ENV and other such variables.
+ * Note this does NOT guard against any other attacks, inparticular you MUST
+ * validate the command you are passing. If the command is formed from user
+ * input be sure to check this input is what you expect. Nasty things can
+ * happen if a user can inject ; or `` into your command for example */
+int safe_system(char* command)
+{
+ return system_core( command, 0, 0, "safe_system" );
+}
+
+/* Much like safe_system but lets you specify a non-root uid and gid to run
+ * the command as */
+int unpriv_system(char* command, uid_t uid, gid_t gid)
+{
+ return system_core(command, uid, gid, "unpriv_system" );
+}
+
+int system_core(char* command, uid_t uid, gid_t gid, char *error)
+{
+ int pid, status;
+
+ if(!command)
+ return 1;
+
+ switch( pid = fork() )
+ {
+ case -1:
+ return -1;
+ case 0: /* child */
+ {
+ char * argv[4];
+ if (gid && setgid(gid))
+ {
+ fprintf(stderr, "%s: ", error);
+ perror("Couldn't setgid");
+ exit(127);
+ }
+ if (uid && setuid(uid))
+ {
+ fprintf(stderr, "%s: ", error);
+ perror("Couldn't setuid");
+ exit(127);
+ }
+ argv[0] = "sh";
+ argv[1] = "-c";
+ argv[2] = command;
+ argv[3] = NULL;
+ execve("/bin/sh", argv, trusted_env);
+ fprintf(stderr, "%s: ", error);
+ perror("execve failed");
+ exit(127);
+ }
+ default: /* parent */
+ do {
+ if( waitpid(pid, &status, 0) == -1 ) {
+ if( errno != EINTR )
+ return -1;
+ } else
+ return status;
+ } while (1);
+ }
+
+}
+
+/* General routine to initialise a setuid root program, and put the
+ * environment in a known state. Returns 1 on success, if initsetuid() returns
+ * 0 then you should exit(1) immediately, DON'T attempt to recover from the
+ * error */
+int initsetuid(void)
+{
+ int fds,i;
+ struct stat st;
+ struct rlimit rlim;
+
+ /* Prevent signal tricks by ignoring all except SIGKILL and SIGCHILD */
+ for( i = 0; i < NSIG; i++ ) {
+ if( i != SIGKILL && i != SIGCHLD )
+ signal(i, SIG_IGN);
+ }
+
+ /* dump all non-standard file descriptors (a full descriptor table could
+ * lead to DoS by preventing us opening files) */
+ if ((fds = getdtablesize()) == -1) fds = OPEN_MAX;
+ for( i = 3; i < fds; i++ ) close(i);
+
+ /* check stdin, stdout & stderr are open before going any further */
+ for( i = 0; i < 3; i++ )
+ if( fstat(i, &st) == -1 && ((errno != EBADF) || (close(i), open("/dev/null", O_RDWR, 0)) != i ))
+ return 0;
+
+ /* disable core dumps in case we're processing sensitive information */
+ rlim.rlim_cur = rlim.rlim_max = 0;
+ if(setrlimit(RLIMIT_CORE, &rlim))
+ { perror("Couldn't disable core dumps"); return 0; }
+
+ /* drop any supplementary groups, set uid & gid to root */
+ if (setgroups(0, NULL)) { perror("Couldn't clear group list"); return 0; }
+ if (setgid(0)) { perror("Couldn't setgid(0)"); return 0; }
+ if (setuid(0)) { perror("Couldn't setuid(0)"); return 0; }
+
+ return 1;
+}
-- 
2.39.2