code.delx.au - pulseaudio/blob - src/daemon/caps.c

   1 /***
   2   This file is part of PulseAudio.
   3
   4   Copyright 2004-2006 Lennart Poettering
   5   Copyright 2006 Pierre Ossman <ossman@cendio.se> for Cendio AB
   6
   7   PulseAudio is free software; you can redistribute it and/or modify
   8   it under the terms of the GNU Lesser General Public License as published
   9   by the Free Software Foundation; either version 2.1 of the License,
  10   or (at your option) any later version.
  11
  12   PulseAudio is distributed in the hope that it will be useful, but
  13   WITHOUT ANY WARRANTY; without even the implied warranty of
  14   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  15   General Public License for more details.
  16
  17   You should have received a copy of the GNU Lesser General Public License
  18   along with PulseAudio; if not, write to the Free Software
  19   Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
  20   USA.
  21 ***/
  22
  23 #ifdef HAVE_CONFIG_H
  24 #include <config.h>
  25 #endif
  26
  27 #include <unistd.h>
  28 #include <errno.h>
  29 #include <string.h>
  30 #include <sys/types.h>
  31
  32 #include <pulse/i18n.h>
  33
  34 #include <pulsecore/macro.h>
  35 #include <pulsecore/core-error.h>
  36 #include <pulsecore/log.h>
  37 #include <pulsecore/core-util.h>
  38
  39 #ifdef HAVE_SYS_CAPABILITY_H
  40 #include <sys/capability.h>
  41 #endif
  42
  43 #ifdef HAVE_SYS_PRCTL_H
  44 #include <sys/prctl.h>
  45 #endif
  46
  47 #include "caps.h"
  48
  49 /* Glibc <= 2.2 has broken unistd.h */
  50 #if defined(linux) && (__GLIBC__ <= 2 && __GLIBC_MINOR__ <= 2)
  51 int setresgid(gid_t r, gid_t e, gid_t s);
  52 int setresuid(uid_t r, uid_t e, uid_t s);
  53 #endif
  54
  55 /* Drop root rights when called SUID root */
  56 void pa_drop_root(void) {
  57
  58 #ifdef HAVE_GETUID
  59     uid_t uid;
  60
  61     uid = getuid();
  62     if (uid == 0 || geteuid() != 0)
  63         return;
  64
  65     pa_log_info(_("Dropping root privileges."));
  66
  67 #if defined(HAVE_SETRESUID)
  68     pa_assert_se(setresuid(uid, uid, uid) >= 0);
  69 #elif defined(HAVE_SETREUID)
  70     pa_assert_se(setreuid(uid, uid) >= 0);
  71 #else
  72     pa_assert_se(setuid(uid) >= 0);
  73     pa_assert_se(seteuid(uid) >= 0);
  74 #endif
  75
  76     pa_assert_se(getuid() == uid);
  77     pa_assert_se(geteuid() == uid);
  78 #endif
  79
  80 #ifdef HAVE_SYS_PRCTL_H
  81     pa_assert_se(prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0) == 0);
  82 #endif
  83
  84 #ifdef HAVE_SYS_CAPABILITY_H
  85     {
  86         cap_t caps;
  87         pa_assert_se(caps = cap_init());
  88         pa_assert_se(cap_clear(caps) == 0);
  89         pa_assert_se(cap_set_proc(caps) == 0);
  90         pa_assert_se(cap_free(caps) == 0);
  91     }
  92 #endif
  93 }