commit 0e0c12bde0347c2d1f20eeadd0d7ec3891264a51
parent 1dddf37c1c6c38fe80be741bd6829c1620ef8498
Author: Francesco Saccone <francesco@francescosaccone.com>
Date: Mon, 31 Mar 2025 16:06:25 +0200
fix: drop privileges and chroot before the main loop
Signed-off-by: Francesco Saccone <francesco@francescosaccone.com>
Diffstat:
M | main.c | | | 50 | +++++++++++++++++++++++++------------------------- |
1 file changed, 25 insertions(+), 25 deletions(-)
diff --git a/main.c b/main.c
@@ -127,6 +127,31 @@ main(int argc, char *argv[]) {
server_socket_fd = create_socket(port);
+ if (setgid(group->gr_gid) == -1) {
+ print_error("error: could not drop privileges to given group");
+ return 1;
+ }
+
+ if (setuid(user->pw_uid) == -1) {
+ print_error("error: could not drop privileges to given user");
+ return 1;
+ }
+
+ if (access(directory, R_OK) == -1) {
+ print_error("error: directory is nonexistent or inaccessible");
+ return 1;
+ }
+
+ if (chroot(directory) == -1) {
+ print_error("error: could not chroot to directory");
+ return 1;
+ }
+
+ if (chdir("/") == -1) {
+ print_error("error: could not change directory after chrooting");
+ return 1;
+ }
+
while (1) {
int client_socket_fd,
buffer_size = 104857600 * sizeof(char); /* i.e. 100 MiB */
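Review bot: In the added block `setgid()` and `setuid()` run before `chroot(directory)`, but chroot() requires root (CAP_SYS_CHROOT on Linux), so once the process has switched to an unprivileged user the chroot call should fail with EPERM and the server exits at startup. It can only succeed when the configured user still holds that privilege, in which case nothing was effectively dropped. The usual order is `chroot(directory)`, then `chdir("/")`, then `setgid(group->gr_gid)`, with `setuid(user->pw_uid)` last. No `setgroups()` call is visible in this hunk; if there is none earlier in main(), the process keeps the supplementary groups it started with, so a guarded call such as `setgroups(1, &group->gr_gid)` belongs before `setgid()`. main() begins and ends outside the hunk, so this is judged from the visible lines only.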
@@ -140,31 +165,6 @@ main(int argc, char *argv[]) {
continue;
}
- if (setgid(group->gr_gid) == -1) {
- print_error("error: could not drop privileges to given group");
- return 1;
- }
-
- if (setuid(user->pw_uid) == -1) {
- print_error("error: could not drop privileges to given user");
- return 1;
- }
-
- if (access(directory, R_OK) == -1) {
- print_error("error: directory is nonexistent or inaccessible");
- return 1;
- }
-
- if (chroot(directory) == -1) {
- print_error("error: could not chroot to directory");
- return 1;
- }
-
- if (chdir("/") == -1) {
- print_error("error: could not change directory after chrooting");
- return 1;
- }
-
if (read_client_request(client_socket_fd,
buffer,
buffer_size) == -1) {