authorDavid Phillips <dbphillipsnz@gmail.com>2016-07-18 10:02:45 +1200
committerDavid Phillips <dbphillipsnz@gmail.com>2016-07-18 10:03:13 +1200
commit371f5beec60f9ea8b13d2ae55094c8bc8841aa3d (patch)
tree9bfae009ddd269d31e00dc191f0f5e946e5c7028
parentf563a746fe7fd0ed01378cb6defed0ce43580e5b (diff)
downloadbrightnessd-371f5beec60f9ea8b13d2ae55094c8bc8841aa3d.tar.xz
Drop privileges down to nobody, general fix-ups.
-rw-r--r--brightnessd.c53
1 files changed, 44 insertions, 9 deletions
diff --git a/brightnessd.c b/brightnessd.c
index 24af9ad..ebd71a2 100644
--- a/brightnessd.c
+++ b/brightnessd.c
@@ -6,12 +6,14 @@
#include <sys/stat.h>
#include <fcntl.h>
#include <poll.h>
+#include <pwd.h>
#define FIFO_PATH "/tmp/brightnessd-fifo"
#define BRIGHT_FILE "/sys/class/backlight/radeon_bl0/brightness"
#define DELAY 5
#define STEP 1
#define BIG_STEP 10
+#define USER "nobody"
int get_now(FILE *f)
{
@@ -39,6 +41,11 @@ int main(int argc, char **argv)
int target = 0;
int now = 0;
FILE *f = NULL;
+ int fifo = 0;
+ struct pollfd fds;
+ struct passwd *p;
+ int delay = 0;
+ int nread = 0;
char buffer[4]; /* size 4 because max bright is 255, plus null terminator */
/* Open brightness file */
@@ -51,28 +58,56 @@ int main(int argc, char **argv)
now = get_now(f);
target = now;
- /* create and open a FIFO */
+ /* create and open fifo, using chmod since mkfifo is affected by umask */
remove(FIFO_PATH);
mkfifo(FIFO_PATH, 0666);
chmod(FIFO_PATH, 0666);
/* FIXME : check return val */
- int fifo = open(FIFO_PATH, O_RDWR);
+ fifo = open(FIFO_PATH, O_RDWR);
- struct pollfd fds[1];
- fds[0].fd = fifo;
- fds[0].events = POLLIN;
+ fds.fd = fifo;
+ fds.events = POLLIN;
- int delay = -1;
+ p = getpwnam(USER);
+ if (p == NULL)
+ {
+ fprintf(stderr, "Failed to get uid and gid of user \""USER"\", bailing\n");
+ return 1;
+ }
+
+ if (setgid(p->pw_gid))
+ {
+ fprintf(stderr, "Failed to set gid to %d\n", p->pw_gid);
+ perror("setuid");
+ return 1;
+ }
+
+ if (setuid(p->pw_uid))
+ {
+ fprintf(stderr, "Failed to set uid to %d\n", p->pw_uid);
+ perror("setuid");
+ return 1;
+ }
+
+ if (!setuid(0) || !setgid(0))
+ {
+ fprintf(stderr, "Got uid 0 or gid 0 back after dropping, bailing\n");
+ return 1;
+ }
+
+ delay = -1;
while(1)
{
- poll(fds, 1, delay);
- if (fds[0].revents & POLLIN)
+ poll(&fds, 1, delay);
+ if (fds.revents & POLLIN)
{
delay = DELAY;
- read(fifo, buffer, sizeof(buffer));
+ nread = read(fifo, buffer, sizeof(buffer));
+ if (nread == 0)
+ perror("read");
switch(buffer[0])
{
case '+':
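Review bot: The privilege drop at `setgid(p->pw_gid)` / `setuid(p->pw_uid)` never clears the supplementary group list, so the process keeps the groups it was started with (presumably root's) after switching to "nobody"; add `if (setgroups(0, NULL)) { perror("setgroups"); return 1; }` (needs `<grp.h>`) before the `setgid` call. The FIFO is still removed, created, chmod'ed and opened by path under /tmp before the drop, and `chmod` follows symlinks, so that setup would be safer in a directory only root can write to, or with `fchmod(fifo, 0666)` on the opened descriptor once the `open` result is checked. In the loop, `read` signals an error with -1 rather than 0, so the test should be `if (nread < 0) perror("read");`, and `buffer[0]` should only be inspected when `nread > 0`. The `setgid` failure branch also calls `perror("setuid")`, which mislabels the error. main's body starts and ends outside this hunk.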