privsep: Set resource limits when dropping privs
authorRoy Marples <roy@marples.name>
Fri, 5 Jun 2020 11:24:44 +0000 (12:24 +0100)
committerRoy Marples <roy@marples.name>
Fri, 5 Jun 2020 11:24:44 +0000 (12:24 +0100)
Disables forking, new files, sockets and writing large files.

src/privsep.c

index fbfb99d37fdcd42cb97a4441ce6faa04841caab4..ed01d2a8600ac5f571287a2c0e2c6c6111b37cc4 100644 (file)
@@ -39,6 +39,7 @@
  * this in a script or something.
  */
 
+#include <sys/resource.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
 #include <sys/types.h>
@@ -112,6 +113,7 @@ int
 ps_dropprivs(struct dhcpcd_ctx *ctx)
 {
        struct passwd *pw = ctx->ps_user;
+       struct rlimit rzero = { .rlim_cur = 0, .rlim_max = 0 };
 
        if (!(ctx->options & DHCPCD_FORKED))
                logdebugx("chrooting to `%s' as %s", pw->pw_dir, pw->pw_name);
@@ -128,6 +130,26 @@ ps_dropprivs(struct dhcpcd_ctx *ctx)
                return -1;
        }
 
+       /* Prohibit new files, sockets, etc */
+       if (setrlimit(RLIMIT_NOFILE, &rzero) == -1) {
+               logerr("setrlimit RLIMIT_NOFILE");
+               return -1;
+       }
+
+       /* Prohibit large files */
+       if (setrlimit(RLIMIT_FSIZE, &rzero) == -1) {
+               logerr("setrlimit RLIMIT_FSIZE");
+               return -1;
+       }
+
+#ifdef RLIMIT_NPROC
+       /* Prohibit forks */
+       if (setrlimit(RLIMIT_NPROC, &rzero) == -1) {
+               logerr("setrlimit RLIMIT_NPROC");
+               return -1;
+       }
+#endif
+
        return 0;
 }
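Review bot: Setting RLIMIT_NOFILE to zero may break the process's own event loop on Linux, where poll(2) fails with EINVAL when nfds exceeds RLIMIT_NOFILE. If the privilege-separated processes poll their already-open descriptors after ps_dropprivs (not visible in this hunk), the limit would need to be the number of descriptors actually in use rather than `rzero`, or the call made platform-conditional. The comment `/* Prohibit large files */` also understates RLIMIT_FSIZE at zero: any write that grows a regular file raises SIGXFSZ, whose default action terminates the process. I would reword it to `/* Prohibit growing any file; exceeding the limit raises SIGXFSZ */` and confirm that no process still writes a lease or log file after this point. The privilege-dropping calls earlier in ps_dropprivs are outside the hunk.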