kdxcxs
/
n2n
mirror of https://github.com/ntop/n2n.git
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

Drop privileges by default for edge nodes and add root warning

pull/149/head
emanuele-f 5 years ago
parent
636c57768f
commit
b19232bc7a
2 changed files with 24 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 23
      edge.c
  2. 5
      sn.c

23
edge.c
View File

@ -19,6 +19,8 @@
#include "n2n.h" #include "n2n.h"
#ifdef WIN32 #ifdef WIN32
#include <sys/stat.h> #include <sys/stat.h>
#else
#include <pwd.h>
#endif #endif
#define N2N_NETMASK_STR_SIZE 16 /* dotted decimal 12 numbers + 3 dots */ #define N2N_NETMASK_STR_SIZE 16 /* dotted decimal 12 numbers + 3 dots */
@ -577,6 +579,9 @@ int main(int argc, char* argv[]) {
n2n_edge_t *eee; /* single instance for this program */ n2n_edge_t *eee; /* single instance for this program */
n2n_edge_conf_t conf; /* generic N2N edge config */ n2n_edge_conf_t conf; /* generic N2N edge config */
n2n_priv_config_t ec; /* config used for standalone program execution */ n2n_priv_config_t ec; /* config used for standalone program execution */
#ifndef WIN32
struct passwd *pw = NULL;
#endif
if(argc == 1) if(argc == 1)
help(); help();
@ -586,9 +591,13 @@ int main(int argc, char* argv[]) {
memset(&ec, 0, sizeof(ec)); memset(&ec, 0, sizeof(ec));
ec.mtu = DEFAULT_MTU; ec.mtu = DEFAULT_MTU;
ec.daemon = 1; /* By default run in daemon mode. */ ec.daemon = 1; /* By default run in daemon mode. */
#ifndef WIN32 #ifndef WIN32
ec.userid = 0; /* root is the only guaranteed ID */ if(((pw = getpwnam("n2n")) != NULL) ||
ec.groupid = 0; /* root is the only guaranteed ID */ ((pw = getpwnam("nobody")) != NULL)) {
ec.userid = pw->pw_uid;
ec.groupid = pw->pw_gid;
}
#endif #endif
#ifdef WIN32 #ifdef WIN32
@ -658,9 +667,15 @@ int main(int argc, char* argv[]) {
(signed int)ec.userid, (signed int)ec.groupid); (signed int)ec.userid, (signed int)ec.groupid);
/* Finished with the need for root privileges. Drop to unprivileged user. */ /* Finished with the need for root privileges. Drop to unprivileged user. */
setreuid(ec.userid, ec.userid); if((setgid(ec.groupid) != 0)
setregid(ec.groupid, ec.groupid); || (setuid(ec.userid) != 0)) {
traceEvent(TRACE_ERROR, "Unable to drop privileges [%u/%s]", errno, strerror(errno));
exit(1);
}
} }
if((getuid() == 0) || (getgid() == 0))
traceEvent(TRACE_WARNING, "Running as root is discouraged, check out the -u/-g options");
#endif #endif
#ifdef __linux__ #ifdef __linux__

5
sn.c
View File

@ -993,6 +993,11 @@ int main(int argc, char * const argv[]) {
} }
#endif /* #if defined(N2N_HAVE_DAEMON) */ #endif /* #if defined(N2N_HAVE_DAEMON) */
#ifndef WIN32
if((getuid() == 0) || (getgid() == 0))
traceEvent(TRACE_WARNING, "Running as root is discouraged");
#endif
traceEvent(TRACE_DEBUG, "traceLevel is %d", getTraceLevel()); traceEvent(TRACE_DEBUG, "traceLevel is %d", getTraceLevel());
sss_node.sock = open_socket(sss_node.lport, 1 /*bind ANY*/); sss_node.sock = open_socket(sss_node.lport, 1 /*bind ANY*/);

Write Preview
Loading…
Cancel
Save