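--- kismet-2007-01-R1b/kismet_server.cc.setgroups 2007-01-06 09:08:59.000000000 +0100
+++ kismet-2007-01-R1b/kismet_server.cc 2007-02-03 23:33:12.000000000 +0100
@@ -28,6 +28,7 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <pwd.h>
+#include <grp.h>
 #include <string>
 #include <vector>
 
@@ -2506,6 +2507,11 @@
 exit(1);
 }
 
+ if (setgroups(0,0) < 0) {
+ fprintf(stderr, "FATAL: setgroups() failed: %m.\n");
+ exit(1);
+ }
+
 if (setuid(suid_id) < 0) {
 fprintf(stderr, "FATAL: setuid() to %s (%d) failed.\n", suid_user, suid_id);
 exit(1);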
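Review bot: The failure message added at the `setgroups(0,0)` check formats errno with `%m`, which is a glibc extension to printf, so on a libc without it the reason for a failed privilege drop is not reported. A portable form is `fprintf(stderr, "FATAL: setgroups() failed: %s.\n", strerror(errno));`, which needs `<errno.h>` and `<string.h>` if the file does not already include them (the include hunk shows only part of the list). The two messages added to kismet_drone.cc for `setgid()` and `setgroups()` use `%m` as well. The enclosing function starts and ends outside this hunk, so whether a `setgid()` call precedes this block cannot be confirmed from here.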
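--- kismet-2007-01-R1b/kismet_drone.cc.setgroups 2006-04-13 00:42:59.000000000 +0200
+++ kismet-2007-01-R1b/kismet_drone.cc 2007-02-03 23:35:45.000000000 +0100
@@ -26,6 +26,7 @@
 #include <stdlib.h>
 #include <signal.h>
 #include <pwd.h>
+#include <grp.h>
 #include <string>
 #include <vector>
 
@@ -298,6 +299,7 @@
 struct passwd *pwordent;
 const char *suid_user;
 uid_t suid_id, real_uid;
+ gid_t suid_gid;
 
 real_uid = getuid();
 
@@ -308,7 +310,8 @@
 fprintf(stderr, " Make sure you have a valid user set for 'suiduser' in your config.\n");
 exit(1);
 } else {
- suid_id = pwordent->pw_uid;
+ suid_id = pwordent->pw_uid;
+ suid_gid = pwordent->pw_gid;
 
 if (suid_id == 0) {
 // If we're suiding to root...
@@ -516,6 +519,16 @@
 // logfiles as root if we can avoid it. Once we've dropped, we'll investigate our
 // sources again and open any defered
 #ifdef HAVE_SUID
+ if (setgid(suid_gid) < 0) {
+ fprintf(stderr, "FATAL: setgid() to %d failed: %m\n", suid_gid);
+ exit(1);
+ }
+
+ if (setgroups(0,0) < 0) {
+ fprintf(stderr, "FATAL: setgroups() failed: %m\n");
+ exit(1);
+ }
+
 if (setuid(suid_id) < 0) {
 fprintf(stderr, "FATAL: setuid() to %s (%d) failed.\n", suid_user, suid_id);
 exit(1);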
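Review bot: The drop sequence added under `#ifdef HAVE_SUID` only works in this order, and nothing in the hunk says so. A comment above the `setgid()` check, such as `// Order matters: setgid() and setgroups() need root, so both must run before setuid().`, would keep a later edit from moving them. Separately, `suid_gid` is a `gid_t` printed with `%d`; `gid_t` is unsigned on common platforms, so `%ld` with a `(long) suid_gid` cast avoids the format mismatch. The function body continues past the hunk, so any check after `setuid()` that the drop took effect is not visible here.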