author | bie <bie@blekksprut.net> | 2016-11-10 18:01:49 +0100 |
---|---|---|
committer | bie <bie@blekksprut.net> | 2016-11-10 18:01:49 +0100 |
commit | 3ce4f1f7e5e8b77a8e9862fe3adf1fdae24e7825 (patch) | |
tree | 00f5d9148be9676674f7e407762c768c3407fc05 | |
parent | f2dfa757e24b0073ed8a9d3703d6b6b52ac1a3d3 (diff) | |
download | godzilla-master.tar.xz |
-rw-r--r-- | Makefile | 2 | ||||
-rw-r--r-- | godzilla.c | 12 |
2 files changed, 11 insertions, 3 deletions
@@ -14,5 +14,5 @@ config.h: cp config.def.h $@ godzilla: config.h godzilla.c - ${CC} ${CFLAGS} -o godzilla godzilla.c -lcrypt + ${CC} ${CFLAGS} -o godzilla godzilla.c -lcrypt -lcap @@ -9,6 +9,8 @@ #include <unistd.h> #include <pwd.h> #include <grp.h> +#include <sys/capability.h> +#include <sys/prctl.h> #include <sys/types.h> #include "config.h" @@ -79,10 +81,16 @@ int main(int argc, char **argv) { result = crypt(passw, s->sp_pwdp); if(!strcmp(result, s->sp_pwdp)) { struct passwd *user = getpwnam(login); + cap_value_t cap_values[] = { CAP_SETUID, CAP_SETGID }; + cap_t caps; + caps = cap_get_proc(); + cap_set_flag(caps, CAP_EFFECTIVE, 2, cap_values, CAP_SET); + cap_set_proc(caps); + prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); + cap_free(caps); setgid(user->pw_gid); - setuid(user->pw_uid); - seteuid(user->pw_uid); initgroups(login, user->pw_gid); + setuid(user->pw_uid); setenv("REMOTE_USER", login, 1); unsetenv("HTTP_AUTHORIZATION"); return execve(script, argv, environ); |
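Review bot: In the godzilla.c hunk at -79,10 the results of `setgid`, `initgroups` and `setuid` are discarded, so if any of them fails, `execve` still runs the script under the identity the program was started with while `REMOTE_USER` names the authenticated login. That failure is more likely now that the identity change depends on `cap_get_proc`, `cap_set_flag` and `cap_set_proc`, whose results are ignored too. `getpwnam(login)` can also return NULL and is dereferenced on the next lines. The switch should fail closed before the environment is touched, for example `if(!user || setgid(user->pw_gid) || initgroups(login, user->pw_gid) || setuid(user->pw_uid)) return 1;`, using whatever error exit the rest of `main` uses, since `main` starts and ends outside this hunk. The `prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0)` call deserves a one-line comment saying which later step needs the retained capabilities, and appears removable if none does.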