INET: drop privileges upon startup

author Thomas Veerman <thomas@minix3.org>

Fri, 27 Jan 2012 14:21:10 +0000 (14:21 +0000)

committer Thomas Veerman <thomas@minix3.org>

Mon, 30 Jan 2012 15:16:20 +0000 (15:16 +0000)
author Thomas Veerman <thomas@minix3.org>
Fri, 27 Jan 2012 14:21:10 +0000 (14:21 +0000)
committer Thomas Veerman <thomas@minix3.org>
Mon, 30 Jan 2012 15:16:20 +0000 (15:16 +0000)
diff --git a/servers/inet/inet.c b/servers/inet/inet.c

index 82c29019149fc6fd3af108dc630cb79f5fdd5348..3e3ce0db3b8c3a9dd232a31a9dfe94470bfa74ad 100644 (file)
--- a/servers/inet/inet.c
+++ b/servers/inet/inet.c
@@ -43,6 +43,9 @@ from DL_ETH:
  #include <minix/ds.h>
  #include <minix/endpoint.h>
  #include <minix/chardriver.h>
+#include <minix/rs.h>
+#include <sys/types.h>
+#include <pwd.h>
  
  #include "mq.h"
  #include "qp.h"
@@ -207,6 +210,7 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
         int timerand, fd;
         u8_t randbits[32];
         struct timeval tv;
+       struct passwd *pw;
  
  #if DEBUG
         printf("Starting inet...\n");
@@ -281,6 +285,12 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
                 ip_panic(("inet: can't subscribe to driver events"));
         }
  
+       /* Drop root privileges */
+       if ((pw = getpwnam(SERVICE_LOGIN)) == NULL)
+               ip_panic(("inet: unable to retrieve uid of SERVICE_LOGIN"));
+       if (setuid(pw->pw_uid) != 0)
+               ip_panic(("inet: unable to drop privileges"));
+
         /* Announce we are up. INET announces its presence to VFS just like
          * any other character driver.
          */
author	Thomas Veerman <thomas@minix3.org>
	Fri, 27 Jan 2012 14:21:10 +0000 (14:21 +0000)
committer	Thomas Veerman <thomas@minix3.org>
	Mon, 30 Jan 2012 15:16:20 +0000 (15:16 +0000)