removed djumbai_send group
parent
15ab32dc48
commit
b29258a2e9
2 changed files with 39 additions and 11 deletions
|
@ -9,8 +9,12 @@
|
||||||
|
|
||||||
int main() {
|
int main() {
|
||||||
// Change the root of the process so it doesn't have access to anything else.
|
// Change the root of the process so it doesn't have access to anything else.
|
||||||
chroot("/opt/djumbai/");
|
|
||||||
const char *message_queue_path = "/opt/djumbai/fifos/message_queue";
|
chdir("/opt/djumbai/");
|
||||||
|
if (chroot("/opt/djumbai/") != 0) {
|
||||||
|
perror("chroot /opt/djumbai");
|
||||||
|
return 1;
|
||||||
|
const char *message_queue_path = "fifos/message_queue";
|
||||||
|
|
||||||
if (access(message_queue_path, F_OK) != -1) {
|
if (access(message_queue_path, F_OK) != -1) {
|
||||||
// FIFO exists, delete it
|
// FIFO exists, delete it
|
||||||
|
|
|
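Review bot: The return value of the added `chdir("/opt/djumbai/")` is ignored, so if it fails while the `chroot` succeeds, the working directory stays outside the new root and the now-relative `fifos/message_queue` path is resolved from there. Check it the same way as the `chroot` call, e.g. `if (chdir("/opt/djumbai/") != 0) { perror("chdir /opt/djumbai"); return 1; }`, and consider a `chdir("/")` after the `chroot` so the working directory is unambiguously inside the jail. No privilege drop is visible in this hunk, and a process that keeps root after `chroot` is not confined by it, so confirm that the drop happens later in `main`, which continues outside the hunk.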
@ -1,19 +1,38 @@
|
||||||
#include "../../libs/communication/communication.h"
|
#include "../../libs/communication/communication.h"
|
||||||
#include "../../libs/protocol/protocol.h"
|
#include "../../libs/protocol/protocol.h"
|
||||||
#include <errno.h>
|
#include <errno.h>
|
||||||
#include <sys/wait.h>
|
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <pwd.h>
|
#include <pwd.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
#include <sys/wait.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
int main() {
|
int main() {
|
||||||
|
// Get the UID of the djumbaid user.
|
||||||
|
const char *djumbaid_username = "djumbaid";
|
||||||
|
|
||||||
// Open the FIFO for writing
|
struct passwd *pw = getpwnam(djumbaid_username);
|
||||||
chroot("/opt/djumbai/");
|
if (pw == NULL) {
|
||||||
const char *send_fifo_path = "/opt/djumbai/fifos/send_fifo";
|
fprintf(stderr, "User %s not found\n", djumbaid_username);
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
//Store previous UID
|
||||||
|
uid_t original_euid = geteuid();
|
||||||
|
// Set UID to djumbaid
|
||||||
|
if (seteuid(pw->pw_uid) == -1) {
|
||||||
|
perror("setuid");
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
|
chdir("/opt/djumbai/");
|
||||||
|
if (chroot("/opt/djumbai/") != 0) {
|
||||||
|
perror("chroot /opt/djumbai");
|
||||||
|
return 1;
|
||||||
|
}
|
||||||
|
const char *send_fifo_path = "fifos/send_fifo";
|
||||||
if (access(send_fifo_path, F_OK) != -1) {
|
if (access(send_fifo_path, F_OK) != -1) {
|
||||||
// FIFO exists, delete it
|
// FIFO exists, delete it
|
||||||
if (unlink(send_fifo_path) == -1) {
|
if (unlink(send_fifo_path) == -1) {
|
||||||
|
@ -24,7 +43,7 @@ int main() {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Open the FIFO for reading
|
// Open the FIFO for reading
|
||||||
if (mkfifo(send_fifo_path, 0420) == -1) {
|
if (mkfifo(send_fifo_path, 0600) == -1) {
|
||||||
perror("mkfifo");
|
perror("mkfifo");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
@ -41,6 +60,11 @@ int main() {
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
//Restore previous UID
|
||||||
|
if (seteuid(original_euid) == -1) {
|
||||||
|
perror("Restore original euid");
|
||||||
|
exit(EXIT_FAILURE);
|
||||||
|
}
|
||||||
|
|
||||||
while (1) {
|
while (1) {
|
||||||
// Read message from the send_fifo
|
// Read message from the send_fifo
|
||||||
|
@ -77,20 +101,20 @@ int main() {
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
// Set UID to nobody
|
// Set UID to nobody
|
||||||
if (setuid(pw->pw_uid) == -1) {
|
if (seteuid(pw->pw_uid) == -1) {
|
||||||
perror("setuid");
|
perror("setuid");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set gid to receiver
|
// Set gid to receiver
|
||||||
if (setgid(msg.header.receiver) == -1) {
|
if (setegid(msg.header.receiver) == -1) {
|
||||||
perror("setgid");
|
perror("setgid");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Message receiver is a user
|
// Message receiver is a user
|
||||||
// Change UID receiver
|
// Change UID receiver
|
||||||
if (setuid(msg.header.receiver) == -1) {
|
if (seteuid(msg.header.receiver) == -1) {
|
||||||
perror("setuid");
|
perror("setuid");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
@ -101,7 +125,7 @@ int main() {
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (setgid(pw->pw_gid) == -1) {
|
if (setegid(pw->pw_gid) == -1) {
|
||||||
perror("setgid");
|
perror("setgid");
|
||||||
exit(EXIT_FAILURE);
|
exit(EXIT_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
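Review bot: Replacing `setuid`/`setgid` with `seteuid`/`setegid` in the delivery branches makes the privilege drop reversible, because only the effective IDs change and the real and saved IDs keep their starting value (presumably root), so code running as the receiver can switch back with another `seteuid`. If these branches run in a forked child (the fork is outside the hunks), a permanent drop with the group changed first is the safer form: `setgid(msg.header.receiver)` before `setuid(pw->pw_uid)`, since once the effective UID is non-root the following `setegid(msg.header.receiver)` will normally fail with EPERM. `msg.header.receiver` is read from the FIFO message and passed straight to `seteuid`/`setegid` in the visible lines, so a range check that rejects 0 and system IDs belongs before these calls unless one exists outside the hunks. Separately, in the startup hunk `chroot("/opt/djumbai/")` now runs after `seteuid(pw->pw_uid)`; on Linux `chroot` needs CAP_SYS_CHROOT, which leaves the effective set when the effective UID becomes non-zero, so the call likely fails unless the `seteuid` is moved after the `chroot`.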