#include <sys/capsicum.h>
#include <errno.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include "memcached.h"
/*
 * Dropping privileges means entering capability mode,
 * in FreeBSD vocabulary.
 */
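/*
 * Restrict the descriptor `fd` to `rights`, or report the failure on stderr
 * and terminate the process. `name` only labels the descriptor in the
 * diagnostic ("stdin", "stdout", "stderr").
 */
static void limit_std_fd_or_exit(int fd, const char *name,
                                 const cap_rights_t *rights) {
    if (cap_rights_limit(fd, rights) != 0) {
        /* Capture errno before any further library call can overwrite it. */
        int saved_errno = errno;

        fprintf(stderr, "cap_rights_limit %s failed: %s\n", name,
                strerror(saved_errno));
        exit(EXIT_FAILURE);
    }
}

/*
 * Sandbox the process with Capsicum: narrow the rights on the three standard
 * descriptors, then enter capability mode with cap_enter().
 *
 * Every step fails closed: if a rights set cannot be built, a descriptor
 * cannot be limited, or cap_enter() fails, a diagnostic is printed to stderr
 * and the process exits with EXIT_FAILURE rather than continuing unsandboxed.
 *
 * Only STDIN_FILENO, STDOUT_FILENO and STDERR_FILENO are limited here; any
 * other descriptor already open when this runs keeps whatever rights it had.
 * Per cap_enter(2), capability mode cannot be left once entered, so callers
 * presumably must open everything they need (listening sockets, files)
 * before calling this; verify against the call site.
 */
void drop_privileges(void) {
    cap_rights_t wd, rd;

    /*
     * Rights for the output descriptors (stdout, stderr).
     * NOTE(review): CAP_READ is granted alongside CAP_WRITE although this set
     * is only applied to output descriptors; confirm it is actually needed.
     */
    if (cap_rights_init(&wd, CAP_WRITE, CAP_READ) == NULL) {
        fprintf(stderr, "cap_rights_init write protection failed: %s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }

    /* Rights for stdin: read, fcntl and event polling; no write. */
    if (cap_rights_init(&rd, CAP_FCNTL, CAP_READ, CAP_EVENT) == NULL) {
        fprintf(stderr, "cap_rights_init read protection failed: %s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }

    limit_std_fd_or_exit(STDIN_FILENO, "stdin", &rd);
    limit_std_fd_or_exit(STDOUT_FILENO, "stdout", &wd);
    limit_std_fd_or_exit(STDERR_FILENO, "stderr", &wd);

    /* Point of no return: from here on the process runs in capability mode. */
    if (cap_enter() != 0) {
        fprintf(stderr, "cap_enter failed: %s\n", strerror(errno));
        exit(EXIT_FAILURE);
    }
}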
/*
 * Deliberate no-op on this platform: no privilege-violation handler is
 * installed.
 * NOTE(review): presumably because Capsicum reports a violation as an error
 * return from the offending call rather than through a signal; confirm
 * against the other platform back ends.
 */
void setup_privilege_violations_handler(void) {
    /* Intentionally empty: nothing to set up. */
    return;
}