hermes

HTTP GET/HEAD-only web server for static content.
git clone git://git.francescosaccone.com/hermes
Log | Files | Refs | README | LICENSE
commit cc28872545635bfae01e9afbb1efb5370e8fa300
parent 7200f4346ae5b7d3022f972d6b743e2de7b0aad4
Author: Francesco Saccone <francesco@francescosaccone.com>
Date:   Mon, 31 Mar 2025 15:45:17 +0200

feat: drop privileges before reading client request

Signed-off-by: Francesco Saccone <francesco@francescosaccone.com>

Diffstat:

Mmain.c | 11+++++++++++


1 file changed, 11 insertions(+), 0 deletions(-)

diff --git a/main.c b/main.c
@@ -3,6 +3,7 @@
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 
 #include "socket.h"
 #include "utils.h"
@@ -115,6 +116,16 @@ main(int argc, char *argv[]) {
 			continue;
 		}
 
+		if (setgid(group->gr_gid) == -1) {
+			print_error("error: could not drop privileges to given group");
+			return 1;
+		}
+
+		if (setuid(user->pw_uid) == -1) {
+			print_error("error: could not drop privileges to given user");
+			return 1;
+		}
+
 		if (read_client_request(client_socket_fd,
 		                        buffer,
 		                        buffer_size) == -1) {