diff options
Diffstat (limited to 'godzilla.c')
-rw-r--r-- | godzilla.c | 12 |
1 files changed, 10 insertions, 2 deletions
@@ -9,6 +9,8 @@ #include <unistd.h> #include <pwd.h> #include <grp.h> +#include <sys/capability.h> +#include <sys/prctl.h> #include <sys/types.h> #include "config.h" @@ -79,10 +81,16 @@ int main(int argc, char **argv) { result = crypt(passw, s->sp_pwdp); if(!strcmp(result, s->sp_pwdp)) { struct passwd *user = getpwnam(login); + cap_value_t cap_values[] = { CAP_SETUID, CAP_SETGID }; + cap_t caps; + caps = cap_get_proc(); + cap_set_flag(caps, CAP_EFFECTIVE, 2, cap_values, CAP_SET); + cap_set_proc(caps); + prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0); + cap_free(caps); setgid(user->pw_gid); - setuid(user->pw_uid); - seteuid(user->pw_uid); initgroups(login, user->pw_gid); + setuid(user->pw_uid); setenv("REMOTE_USER", login, 1); unsetenv("HTTP_AUTHORIZATION"); return execve(script, argv, environ); |