commit f278e9f47d626981d26f061adec552581a03b7d9
parent 98118c6d6e5219ebae7c239e9ca55fad38daef86
Author: sin <sin@2f30.org>
Date: Tue, 29 Mar 2016 10:42:25 +0100
revoke privs later so bind can succeed on low ports
Diffstat:
M | stun.c | | | 31 | ++++++++++++++++--------------- |
1 file changed, 16 insertions(+), 15 deletions(-)
diff --git a/stun.c b/stun.c
@@ -155,6 +155,20 @@ logerr(char *msg, ...)
exit(1);
}
+void
+revokeprivs(void)
+{
+ struct passwd *pw;
+
+ pw = getpwnam(NOPRIVUSER);
+ if (!pw)
+ logerr("no %s user", NOPRIVUSER);
+ if (setgroups(1, &pw->pw_gid) ||
+ setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
+ setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
+ logerr("failed to revoke privs");
+}
+
int
padto(int len, int blocksize)
{
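Review bot: revokeprivs() lands in its new position without any comment, although its safety rests on two details that a later edit could break. The supplementary groups and the gid have to be changed before the uid, and the `!pw` path only avoids dereferencing a null pointer because logerr() ends in `exit(1)`, as the context lines at the top of this hunk show. I would add a header comment along the lines of `/* Irreversibly switch to NOPRIVUSER: groups and gid first, uid last; logerr() does not return. */`. It would also help to note there that the function must be called exactly once, after the last operation that needs root.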
@@ -641,6 +655,7 @@ serversetup(int devfd)
if (ret < 0)
logerr("listen failed");
+ revokeprivs();
for (;;) {
netfd = accept(listenfd, (struct sockaddr *)&remote,
(socklen_t []){sizeof(remote)});
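Review bot: The added `revokeprivs();` in serversetup() is now the only thing that keeps the accept loop from handling remote peers as root, yet nothing at the call site says so. A comment such as `/* socket is bound and listening: drop root before handling any peer */` would protect this ordering against later reshuffling. Everything earlier in serversetup(), plus whatever main() does between opendev() and this call, now runs with full privileges in server mode, so that stretch should be kept as small as possible. serversetup() begins and ends outside this hunk, so the setup code before the listen() check is not visible here.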
@@ -761,20 +776,6 @@ daemonize(void)
}
void
-revokeprivs(void)
-{
- struct passwd *pw;
-
- pw = getpwnam(NOPRIVUSER);
- if (!pw)
- logerr("no %s user", NOPRIVUSER);
- if (setgroups(1, &pw->pw_gid) ||
- setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) ||
- setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid))
- logerr("failed to revoke privs");
-}
-
-void
usage(void)
{
fprintf(stderr, "usage: stun [-df] -s [-p port] [-t type] interface\n");
@@ -825,7 +826,6 @@ main(int argc, char *argv[])
openlog("stun", LOG_PID | LOG_NDELAY, LOG_DAEMON);
devfd = opendev(argv[0]);
- revokeprivs();
pw = getenv("STUNPW");
if (!pw)
@@ -836,6 +836,7 @@ main(int argc, char *argv[])
if (sflag)
return serversetup(devfd);
/* auto-reconnect client */
+ revokeprivs();
for (;;) {
clientsetup(devfd);
sleep(RECONNECTTIMEO);
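Review bot: In client mode the privilege drop does not need to move at all. With the call added just before the reconnect loop, the STUNPW handling that follows opendev() now runs as root for clients too, even though that code ran unprivileged before this commit and only the server path needs root for bind(). Putting `if (!sflag) revokeprivs();` directly after `devfd = opendev(argv[0]);`, in place of the call added here, would keep the early drop for clients and still let serversetup() bind first. The code between the two main() hunks is not shown, so confirm that nothing in it depends on root in client mode.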