This file is part of polypaudio.
polypaudio is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published
+ it under the terms of the GNU Lesser General Public License as published
by the Free Software Foundation; either version 2 of the License,
or (at your option) any later version.
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with polypaudio; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
USA.
#include "caps.h"
void pa_drop_root(void) {
- if (getuid() != 0 && geteuid() == 0) {
- pa_log(__FILE__": Started SUID root, dropping root rights.\n");
- setuid(getuid());
- seteuid(getuid());
- }
+ uid_t uid = getuid();
+
+ if (uid == 0 || geteuid() != 0)
+ return;
+
+ pa_log(__FILE__": dropping root rights.\n");
+
+ setreuid(uid, uid);
+/* setuid(uid);
+ seteuid(uid);*/
}
#ifdef HAVE_SYS_CAPABILITY_H
+
int pa_limit_caps(void) {
int r = -1;
cap_t caps;
assert(caps);
cap_clear(caps);
+
cap_set_flag(caps, CAP_EFFECTIVE, 1, &nice_cap, CAP_SET);
cap_set_flag(caps, CAP_PERMITTED, 1, &nice_cap, CAP_SET);
if (cap_set_proc(caps) < 0)
goto fail;
- pa_log(__FILE__": Started SUID root, capabilities limited.\n");
-
+ pa_log(__FILE__": dropped capabilities successfully.\n");
+
r = 0;
fail:
cap_clear(caps);
- if (cap_set_proc(caps) < 0)
+ if (cap_set_proc(caps) < 0) {
+ pa_log(__FILE__": failed to drop capabilities: %s\n", strerror(errno));
goto fail;
-
- pa_drop_root();
+ }
r = 0;