diff --git a/edge.c b/edge.c index 64b82e7..07626b6 100644 --- a/edge.c +++ b/edge.c @@ -19,6 +19,8 @@ #include "n2n.h" #ifdef WIN32 #include +#else +#include #endif #define N2N_NETMASK_STR_SIZE 16 /* dotted decimal 12 numbers + 3 dots */ @@ -577,6 +579,9 @@ int main(int argc, char* argv[]) { n2n_edge_t *eee; /* single instance for this program */ n2n_edge_conf_t conf; /* generic N2N edge config */ n2n_priv_config_t ec; /* config used for standalone program execution */ +#ifndef WIN32 + struct passwd *pw = NULL; +#endif if(argc == 1) help(); @@ -586,9 +591,13 @@ int main(int argc, char* argv[]) { memset(&ec, 0, sizeof(ec)); ec.mtu = DEFAULT_MTU; ec.daemon = 1; /* By default run in daemon mode. */ + #ifndef WIN32 - ec.userid = 0; /* root is the only guaranteed ID */ - ec.groupid = 0; /* root is the only guaranteed ID */ + if(((pw = getpwnam("n2n")) != NULL) || + ((pw = getpwnam("nobody")) != NULL)) { + ec.userid = pw->pw_uid; + ec.groupid = pw->pw_gid; + } #endif #ifdef WIN32 @@ -658,9 +667,15 @@ int main(int argc, char* argv[]) { (signed int)ec.userid, (signed int)ec.groupid); /* Finished with the need for root privileges. Drop to unprivileged user. */ - setreuid(ec.userid, ec.userid); - setregid(ec.groupid, ec.groupid); + if((setgid(ec.groupid) != 0) + || (setuid(ec.userid) != 0)) { + traceEvent(TRACE_ERROR, "Unable to drop privileges [%u/%s]", errno, strerror(errno)); + exit(1); + } } + + if((getuid() == 0) || (getgid() == 0)) + traceEvent(TRACE_WARNING, "Running as root is discouraged, check out the -u/-g options"); #endif #ifdef __linux__ diff --git a/sn.c b/sn.c index 6f8d506..652c2fb 100644 --- a/sn.c +++ b/sn.c 
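Review bot: In the `@@ -586,9 +591,13 @@` hunk, when neither `getpwnam("n2n")` nor `getpwnam("nobody")` succeeds, `ec.userid` and `ec.groupid` keep the 0 left by the `memset` above, so the default quietly remains root, and the removed comments that said so are gone. I would add a comment above the lookup such as `/* Prefer a dedicated n2n account, then nobody; if neither exists uid/gid stay 0 (root) */`. `nobody` is usually shared with other services, so the comment or the documentation could also recommend creating the `n2n` account for real isolation. `main` starts and ends outside this hunk.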
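Review bot: In the `@@ -658,9 +667,15 @@` hunk the drop calls `setgid` and then `setuid` in the right order but never clears the supplementary group list, so a process started as root keeps root's extra groups after the switch. Adding a call before `setgid`, for example `if((setgroups(0, NULL) != 0) || (setgid(ec.groupid) != 0) || (setuid(ec.userid) != 0)) {` with `<grp.h>` included, would close that. The added `getuid() == 0 || getgid() == 0` check looks only at the real IDs; `geteuid()`/`getegid()` would also catch effective root, and the same applies to the identical check added in sn.c. `errno` is an `int`, so the format in the error message should be `[%d/%s]` rather than `[%u/%s]`. The `if` block that contains the drop starts outside this hunk.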
@@ -993,6 +993,11 @@ int main(int argc, char * const argv[]) { } #endif /* #if defined(N2N_HAVE_DAEMON) */ +#ifndef WIN32 + if((getuid() == 0) || (getgid() == 0)) + traceEvent(TRACE_WARNING, "Running as root is discouraged"); +#endif + traceEvent(TRACE_DEBUG, "traceLevel is %d", getTraceLevel()); sss_node.sock = open_socket(sss_node.lport, 1 /*bind ANY*/);
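Review bot: The supernode only logs a warning here and then goes on to `open_socket(sss_node.lport, 1 /*bind ANY*/)` still as root; unlike edge.c, this change gives it no `setgid`/`setuid` step, and the message names no option the operator could use. If sn.c has no uid/gid options (not visible in this hunk), consider adding the same privilege drop once the sockets are open, or at least saying in the message how to run the supernode unprivileged. `main` starts and continues outside the hunk.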