mirror of
https://github.com/ntop/n2n.git
synced 2024-09-20 00:51:10 +02:00
Drop privileges by default for edge nodes and add root warning
parent
636c57768f
commit
b19232bc7a
23
edge.c
23
edge.c
|
@ -19,6 +19,8 @@
|
||||||
#include "n2n.h"
|
#include "n2n.h"
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
#include <sys/stat.h>
|
#include <sys/stat.h>
|
||||||
|
#else
|
||||||
|
#include <pwd.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#define N2N_NETMASK_STR_SIZE 16 /* dotted decimal 12 numbers + 3 dots */
|
#define N2N_NETMASK_STR_SIZE 16 /* dotted decimal 12 numbers + 3 dots */
|
||||||
|
@ -577,6 +579,9 @@ int main(int argc, char* argv[]) {
|
||||||
n2n_edge_t *eee; /* single instance for this program */
|
n2n_edge_t *eee; /* single instance for this program */
|
||||||
n2n_edge_conf_t conf; /* generic N2N edge config */
|
n2n_edge_conf_t conf; /* generic N2N edge config */
|
||||||
n2n_priv_config_t ec; /* config used for standalone program execution */
|
n2n_priv_config_t ec; /* config used for standalone program execution */
|
||||||
|
#ifndef WIN32
|
||||||
|
struct passwd *pw = NULL;
|
||||||
|
#endif
|
||||||
|
|
||||||
if(argc == 1)
|
if(argc == 1)
|
||||||
help();
|
help();
|
||||||
|
@ -586,9 +591,13 @@ int main(int argc, char* argv[]) {
|
||||||
memset(&ec, 0, sizeof(ec));
|
memset(&ec, 0, sizeof(ec));
|
||||||
ec.mtu = DEFAULT_MTU;
|
ec.mtu = DEFAULT_MTU;
|
||||||
ec.daemon = 1; /* By default run in daemon mode. */
|
ec.daemon = 1; /* By default run in daemon mode. */
|
||||||
|
|
||||||
#ifndef WIN32
|
#ifndef WIN32
|
||||||
ec.userid = 0; /* root is the only guaranteed ID */
|
if(((pw = getpwnam("n2n")) != NULL) ||
|
||||||
ec.groupid = 0; /* root is the only guaranteed ID */
|
((pw = getpwnam("nobody")) != NULL)) {
|
||||||
|
ec.userid = pw->pw_uid;
|
||||||
|
ec.groupid = pw->pw_gid;
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef WIN32
|
#ifdef WIN32
|
||||||
|
@ -658,9 +667,15 @@ int main(int argc, char* argv[]) {
|
||||||
(signed int)ec.userid, (signed int)ec.groupid);
|
(signed int)ec.userid, (signed int)ec.groupid);
|
||||||
|
|
||||||
/* Finished with the need for root privileges. Drop to unprivileged user. */
|
/* Finished with the need for root privileges. Drop to unprivileged user. */
|
||||||
setreuid(ec.userid, ec.userid);
|
if((setgid(ec.groupid) != 0)
|
||||||
setregid(ec.groupid, ec.groupid);
|
|| (setuid(ec.userid) != 0)) {
|
||||||
|
traceEvent(TRACE_ERROR, "Unable to drop privileges [%u/%s]", errno, strerror(errno));
|
||||||
|
exit(1);
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if((getuid() == 0) || (getgid() == 0))
|
||||||
|
traceEvent(TRACE_WARNING, "Running as root is discouraged, check out the -u/-g options");
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef __linux__
|
#ifdef __linux__
|
||||||
|
|
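Review bot: The drop at `if((setgid(ec.groupid) != 0) || (setuid(ec.userid) != 0))` switches the primary gid and the uid but leaves the supplementary group list inherited at start-up, so an edge launched as root can still hold group 0 and any other root groups after the switch. Clearing the list first closes that gap: `if((setgroups(0, NULL) != 0) || (setgid(ec.groupid) != 0) || (setuid(ec.userid) != 0)) {`, with `#include <grp.h>` beside the new `<pwd.h>` include; setgroups() has to run before setuid() because it needs the privilege that call gives up. How an empty list is treated should be confirmed on the non-Linux targets the project builds for. The `if` block that encloses the drop opens outside the hunk, so the condition under which it runs is not visible here. The root warning in this file and the matching one in sn.c test `getuid()`/`getgid()`; `geteuid()`/`getegid()` would presumably also catch a set-uid-root install, where only the effective id is 0.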
5
sn.c
5
sn.c
|
@ -993,6 +993,11 @@ int main(int argc, char * const argv[]) {
|
||||||
}
|
}
|
||||||
#endif /* #if defined(N2N_HAVE_DAEMON) */
|
#endif /* #if defined(N2N_HAVE_DAEMON) */
|
||||||
|
|
||||||
|
#ifndef WIN32
|
||||||
|
if((getuid() == 0) || (getgid() == 0))
|
||||||
|
traceEvent(TRACE_WARNING, "Running as root is discouraged");
|
||||||
|
#endif
|
||||||
|
|
||||||
traceEvent(TRACE_DEBUG, "traceLevel is %d", getTraceLevel());
|
traceEvent(TRACE_DEBUG, "traceLevel is %d", getTraceLevel());
|
||||||
|
|
||||||
sss_node.sock = open_socket(sss_node.lport, 1 /*bind ANY*/);
|
sss_node.sock = open_socket(sss_node.lport, 1 /*bind ANY*/);
|
||||||
|
|