|
Packit Service |
584ef9 |
#include <errno.h>
|
|
Packit Service |
584ef9 |
#include <stdlib.h>
|
|
Packit Service |
584ef9 |
#include <stdio.h>
|
|
Packit Service |
584ef9 |
#include <string.h>
|
|
Packit Service |
584ef9 |
#include <unistd.h>
|
|
Packit Service |
584ef9 |
#include "memcached.h"
|
|
Packit Service |
584ef9 |
|
|
Packit Service |
584ef9 |
/*
|
|
Packit Service |
584ef9 |
* this section of code will drop all (OpenBSD) privileges including
|
|
Packit Service |
584ef9 |
* those normally granted to all userland process (basic privileges). The
|
|
Packit Service |
584ef9 |
* effect of this is that after running this code, the process will not able
|
|
Packit Service |
584ef9 |
* to fork(), exec(), etc. See pledge(2) for more information.
|
|
Packit Service |
584ef9 |
*/
|
|
Packit Service |
584ef9 |
void drop_privileges() {
|
|
Packit Service |
584ef9 |
extern char *__progname;
|
|
Packit Service |
584ef9 |
|
|
Packit Service |
584ef9 |
if (settings.socketpath != NULL) {
|
|
Packit Service |
584ef9 |
if (pledge("stdio unix", NULL) == -1) {
|
|
Packit Service |
584ef9 |
fprintf(stderr, "%s: pledge: %s\n", __progname, strerror(errno));
|
|
Packit Service |
584ef9 |
exit(EXIT_FAILURE);
|
|
Packit Service |
584ef9 |
}
|
|
Packit Service |
584ef9 |
} else {
|
|
Packit Service |
584ef9 |
if (pledge("stdio inet", NULL) == -1) {
|
|
Packit Service |
584ef9 |
fprintf(stderr, "%s: pledge: %s\n", __progname, strerror(errno));
|
|
Packit Service |
584ef9 |
exit(EXIT_FAILURE);
|
|
Packit Service |
584ef9 |
}
|
|
Packit Service |
584ef9 |
}
|
|
Packit Service |
584ef9 |
}
|
|
Packit Service |
584ef9 |
|
|
Packit Service |
584ef9 |
void setup_privilege_violations_handler(void) {
|
|
Packit Service |
584ef9 |
// not needed
|
|
Packit Service |
584ef9 |
}
|