From 9330d9263976f9c78f41a67f1f57ffe1b1b4e632 Mon Sep 17 00:00:00 2001
From: Thomas Veerman <thomas@minix3.org>
Date: Fri, 27 Jan 2012 14:21:10 +0000
Subject: [PATCH] INET: drop privileges upon startup

---
 servers/inet/inet.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/servers/inet/inet.c b/servers/inet/inet.c
index 82c290191..3e3ce0db3 100644
--- a/servers/inet/inet.c
+++ b/servers/inet/inet.c
@@ -43,6 +43,9 @@ from DL_ETH:
 #include <minix/ds.h>
 #include <minix/endpoint.h>
 #include <minix/chardriver.h>
+#include <minix/rs.h>
+#include <sys/types.h>
+#include <pwd.h>
 
 #include "mq.h"
 #include "qp.h"
@@ -207,6 +210,7 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
 	int timerand, fd;
 	u8_t randbits[32];
 	struct timeval tv;
+	struct passwd *pw;
 
 #if DEBUG
 	printf("Starting inet...\n");
@@ -281,6 +285,12 @@ PRIVATE int sef_cb_init_fresh(int type, sef_init_info_t *info)
 		ip_panic(("inet: can't subscribe to driver events"));
 	}
 
+	/* Drop root privileges */
+	if ((pw = getpwnam(SERVICE_LOGIN)) == NULL)
+		ip_panic(("inet: unable to retrieve uid of SERVICE_LOGIN"));
+	if (setuid(pw->pw_uid) != 0)
+		ip_panic(("inet: unable to drop privileges"));
+
 	/* Announce we are up. INET announces its presence to VFS just like
 	 * any other character driver.
 	 */
-- 
2.44.0