authorOndrej Zajicek <santiago@crfreenet.org>2011-05-15 16:29:44 +0200
committerOndrej Zajicek <santiago@crfreenet.org>2011-05-15 16:29:44 +0200
commite8b89a610443f32b901801668cbae634e13f3e68 (patch)
treeee0f68cc90ad6df6c2d44fa8a9cca2fc449c0071 /sysdep/linux
parent1bc2695744c729804af32d48ce68854cba4de8f7 (diff)
Update and document the privilege restriction.
Diffstat (limited to 'sysdep/linux')
-rw-r--r--sysdep/linux/syspriv.h5
1 files changed, 5 insertions, 0 deletions
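--- a/sysdep/linux/syspriv.h
+++ b/sysdep/linux/syspriv.h
@@ -48,15 +48,20 @@ drop_uid(uid_t uid)
 CAP_TO_MASK(CAP_NET_ADMIN) |
 CAP_TO_MASK(CAP_NET_RAW);
+ /* change effective user ID to be able to switch to that
+ user ID completely after dropping CAP_SETUID */
 if (seteuid(uid) < 0)
 die("seteuid: %m");
+ /* restrict the capabilities */
 if (set_capabilities(caps) < 0)
 die("capset: %m");
+ /* keep the capabilities after dropping root ID */
 if (prctl(PR_SET_KEEPCAPS, 1) < 0)
 die("prctl: %m");
+ /* completely switch to the unprivileged user ID */
 if (setresuid(uid, uid, uid) < 0)
 die("setresuid: %m");
 }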
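Review bot: The setresuid() call at the end of the hunk is trusted on its return value alone, but a privilege drop should also be verified, because a drop that silently does not take effect would leave the daemon running with root IDs and the full capability set; after the call add `if (getuid() != uid || geteuid() != uid) die("failed to drop root user ID");` (in the spirit of CERT POS37-C). The comment added before prctl() is slightly imprecise: per capabilities(7), PR_SET_KEEPCAPS preserves only the permitted set when all three UIDs become non-zero, and the effective set survives the setresuid() below only because the effective UID was already made non-root by the earlier seteuid(), which is the actual reason for the ordering, so consider `/* keep the permitted set across the UID change below; the effective set is kept because the effective UID is already non-root */`. Whether set_capabilities() also populates the effective set is not visible in this hunk and should be confirmed against its definition. drop_uid() begins outside the hunk.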