removed djumbai_send group

Afonso Franco 2024-05-12 15:49:23 +01:00
parent 15ab32dc48
commit b29258a2e9
Signed by: afonso
SSH key fingerprint: SHA256:PQTRDHPH3yALEGtHXnXBp3Orfcn21pK20t0tS1kHg54
2 changed files with 39 additions and 11 deletions


@ -9,8 +9,12 @@
int main() { int main() {
// Change the root of the process so it doesn't have access to anything else. // Change the root of the process so it doesn't have access to anything else.
chroot("/opt/djumbai/");
const char *message_queue_path = "/opt/djumbai/fifos/message_queue"; chdir("/opt/djumbai/");
if (chroot("/opt/djumbai/") != 0) {
perror("chroot /opt/djumbai");
return 1;
const char *message_queue_path = "fifos/message_queue";
if (access(message_queue_path, F_OK) != -1) { if (access(message_queue_path, F_OK) != -1) {
// FIFO exists, delete it // FIFO exists, delete it
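Review bot: The return value of the new `chdir("/opt/djumbai/")` is ignored, yet the now-relative `fifos/message_queue` path depends on it. If chdir fails while chroot succeeds, the process keeps a working directory outside the new root, so the FIFO is looked up in the wrong place and the confinement is defeated. Check it the same way as the chroot call, e.g. `if (chdir("/opt/djumbai/") != 0) { perror("chdir /opt/djumbai"); return 1; }`, or use the conventional `chroot(...)` followed by a checked `chdir("/")`. The closing brace of the new `if (chroot(...))` block is not visible in this rendering and main continues past the hunk, so it cannot be confirmed from here whether the process later gives up root, without which chroot is not a confinement.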


@ -1,19 +1,38 @@
#include "../../libs/communication/communication.h" #include "../../libs/communication/communication.h"
#include "../../libs/protocol/protocol.h" #include "../../libs/protocol/protocol.h"
#include <errno.h> #include <errno.h>
#include <sys/wait.h>
#include <fcntl.h> #include <fcntl.h>
#include <pwd.h> #include <pwd.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <sys/stat.h> #include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h> #include <unistd.h>
int main() { int main() {
// Get the UID of the djumbaid user.
const char *djumbaid_username = "djumbaid";
// Open the FIFO for writing struct passwd *pw = getpwnam(djumbaid_username);
chroot("/opt/djumbai/"); if (pw == NULL) {
const char *send_fifo_path = "/opt/djumbai/fifos/send_fifo"; fprintf(stderr, "User %s not found\n", djumbaid_username);
exit(EXIT_FAILURE);
}
//Store previous UID
uid_t original_euid = geteuid();
// Set UID to djumbaid
if (seteuid(pw->pw_uid) == -1) {
perror("setuid");
exit(EXIT_FAILURE);
}
chdir("/opt/djumbai/");
if (chroot("/opt/djumbai/") != 0) {
perror("chroot /opt/djumbai");
return 1;
}
const char *send_fifo_path = "fifos/send_fifo";
if (access(send_fifo_path, F_OK) != -1) { if (access(send_fifo_path, F_OK) != -1) {
// FIFO exists, delete it // FIFO exists, delete it
if (unlink(send_fifo_path) == -1) { if (unlink(send_fifo_path) == -1) {
@ -24,7 +43,7 @@ int main() {
} }
// Open the FIFO for reading // Open the FIFO for reading
if (mkfifo(send_fifo_path, 0420) == -1) { if (mkfifo(send_fifo_path, 0600) == -1) {
perror("mkfifo"); perror("mkfifo");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
@ -41,6 +60,11 @@ int main() {
return 1; return 1;
} }
} }
//Restore previous UID
if (seteuid(original_euid) == -1) {
perror("Restore original euid");
exit(EXIT_FAILURE);
}
while (1) { while (1) {
// Read message from the send_fifo // Read message from the send_fifo
@ -77,20 +101,20 @@ int main() {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
// Set UID to nobody // Set UID to nobody
if (setuid(pw->pw_uid) == -1) { if (seteuid(pw->pw_uid) == -1) {
perror("setuid"); perror("setuid");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
// Set gid to receiver // Set gid to receiver
if (setgid(msg.header.receiver) == -1) { if (setegid(msg.header.receiver) == -1) {
perror("setgid"); perror("setgid");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
} else { } else {
// Message receiver is a user // Message receiver is a user
// Change UID receiver // Change UID receiver
if (setuid(msg.header.receiver) == -1) { if (seteuid(msg.header.receiver) == -1) {
perror("setuid"); perror("setuid");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
@ -101,7 +125,7 @@ int main() {
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
if (setgid(pw->pw_gid) == -1) { if (setegid(pw->pw_gid) == -1) {
perror("setgid"); perror("setgid");
exit(EXIT_FAILURE); exit(EXIT_FAILURE);
} }
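Review bot: The new `chroot("/opt/djumbai/")` is reached only after `seteuid(pw->pw_uid)` has lowered the effective UID to djumbaid, and chroot() requires CAP_SYS_CHROOT, which Linux clears from the effective set when the effective UID leaves 0; unless the binary carries file capabilities, the daemon would exit at startup with EPERM. Doing the `chdir`/`chroot` pair first (with `chdir` checked as well) and wrapping only the FIFO creation in the `seteuid` window avoids this. In the later hunks, replacing `setuid`/`setgid` with `seteuid`/`setegid` leaves the real and saved IDs unchanged, so the code that handles a message can switch back to the original IDs, and the group is still changed after the user, when the process is expected to lack the privilege for it. If that code runs in a forked child, which cannot be told from here because main continues outside the hunks, a permanent drop in the order `setgid(...)` then `setuid(...)` is the safer form; `msg.header.receiver` should also be range-checked before it is used as an ID, unless that already happens outside the visible lines.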