commit 9b6122cb92ce56964f328b533d5f748a428c5a7d
parent bb2f2eb11fbe038e029c374e18023abd0916ba13
Author: sin <sin@2f30.org>
Date: Thu, 21 Apr 2016 12:43:05 +0100
Allow dropping privileges to specified user
Diffstat:
4 files changed, 19 insertions(+), 9 deletions(-)
diff --git a/stun.8 b/stun.8
@@ -1,4 +1,4 @@
-.Dd April 14, 2016
+.Dd April 21, 2016
.Dt STUN 8
.Os
.Sh NAME
@@ -13,6 +13,7 @@
.Op Fl p Ar port
.Op Fl t Ar devtype
.Op Fl c Ar cipher
+.Op Fl u Ar user
.Ar interface
.Nm stun
.Op Fl 46
@@ -21,6 +22,7 @@
.Op Fl p Ar port
.Op Fl t Ar devtype
.Op Fl c Ar cipher
+.Op Fl u Ar user
.Ar interface
.Sh DESCRIPTION
.Nm
@@ -63,6 +65,10 @@ Select the given
If the argument is ? then
.Nm
will list the available ciphers. The default cipher is chacha20-poly1305.
+.It Fl u Ar user
+Drop privileges to the specified
+.Ar user .
+The default user is nobody.
.El
.Sh BUGS
This program is an experiment and may not be secure. Use at your
diff --git a/stun.c b/stun.c
@@ -65,8 +65,8 @@ int sflag;
void
usage(void)
{
- fprintf(stderr, "usage: stun [-46] [-d] -s [-b address] [-p port] [-t devtype] [-c cipher] interface\n");
- fprintf(stderr, " stun [-46] [-d] -h host [-p port] [-t devtype] [-c cipher] interface\n");
+ fprintf(stderr, "usage: stun [-46] [-d] -s [-b address] [-p port] [-t devtype] [-c cipher] [-u user] interface\n");
+ fprintf(stderr, " stun [-46] [-d] -h host [-p port] [-t devtype] [-c cipher] [-u user] interface\n");
exit(1);
}
@@ -75,6 +75,7 @@ main(int argc, char *argv[])
{
struct rlimit rlim;
char *arg, *pw;
+ char *user = NOPRIVUSER;
int devfd, listenfd, netfd;
ARGBEGIN {
@@ -115,6 +116,9 @@ main(int argc, char *argv[])
return 0;
}
break;
+ case 'u':
+ user = EARGF(usage());
+ break;
default:
usage();
} ARGEND
@@ -150,7 +154,7 @@ main(int argc, char *argv[])
if (sflag) {
/* invoked as server */
listenfd = serverinit(bindaddr, port);
- revokeprivs();
+ revokeprivs(user);
#if defined(__OpenBSD__)
#include <sys/param.h>
#if OpenBSD >= 201605
@@ -171,7 +175,7 @@ main(int argc, char *argv[])
}
} else {
/* invoked as client */
- revokeprivs();
+ revokeprivs(user);
#if defined(__OpenBSD__)
#include <sys/param.h>
#if OpenBSD >= 201605
diff --git a/stun.h b/stun.h
@@ -78,7 +78,7 @@ void pack16(unsigned char *, uint16_t);
uint16_t unpack16(unsigned char *);
void pack64(unsigned char *, uint64_t);
uint64_t unpack64(unsigned char *);
-void revokeprivs(void);
+void revokeprivs(char *);
int setnonblock(int, int);
char *saddr_ntop(struct sockaddr *, socklen_t);
char *peer_ntop(int);
diff --git a/util.c b/util.c
@@ -53,12 +53,12 @@ unpack64(unsigned char *buf)
}
void
-revokeprivs(void)
+revokeprivs(char *user)
{
struct passwd *pw;
- if (!(pw = getpwnam(NOPRIVUSER)))
- logerr("no %s user", NOPRIVUSER);
+ if (!(pw = getpwnam(user)))
+ logerr("no %s user", user);
if (setgroups(1, &pw->pw_gid) < 0 ||
setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0 ||
setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0)
