1 files changed, 45 insertions, 13 deletions
diff --git a/opentracker.c b/opentracker.c
index 61acd3f..993877a 100644
--- a/opentracker.c
+++ b/opentracker.c
@@ -350,8 +350,47 @@ int parse_configfile( char * config_filename ) {
  return bound;
 }
-int main( int argc, char **argv ) {
+int drop_privileges (const char * const serverdir) {
  struct passwd *pws = NULL;
+  /* Grab pws entry before chrooting */
+  pws = getpwnam( "nobody" );
+  endpwent();
+  if( geteuid() == 0 ) {
+    /* Running as root: chroot and drop privileges */
+    if(chroot( serverdir )) {
+      fprintf( stderr, "Could not chroot to %s, because: %s\n", serverdir, strerror(errno) );
+      return -1;
+    }
+    if(chdir("/"))
+      panic("chdir() failed after chrooting: ");
+    if( !pws ) {
+      setegid( (gid_t)-2 ); setgid( (gid_t)-2 );
+      setuid( (uid_t)-2 );  seteuid( (uid_t)-2 );
+    }
+    else {
+      setegid( pws->pw_gid ); setgid( pws->pw_gid );
+      setuid( pws->pw_uid );  seteuid( pws->pw_uid );
+    }
+    if( geteuid() == 0 || getegid() == 0 )
+      panic("Still running with root privileges?!");
+  }
+  else {
+    /* Normal user, just chdir() */
+    if(chdir( serverdir )) {
+      fprintf( stderr, "Could not chroot to %s, because: %s\n", serverdir, strerror(errno) );
+      return -1;
+    }
+  }
+  return 0;
+}
+int main( int argc, char **argv ) {
  char serverip[4] = {0,0,0,0}, tmpip[4];
  int bound = 0, scanon = 1;
  uint16_t tmpport;
@@ -404,16 +443,8 @@ while( scanon ) {
    ot_try_bind( serverip, 6969, FLAG_UDP );
  }
-  /* Drop permissions */
+  if( drop_privileges( g_serverdir ? g_serverdir : "." ) == -1 )
-  pws = getpwnam( "nobody" );
+    panic( "drop_privileges failed, exiting. Last error");
-  if( !pws ) {
-    setegid( (gid_t)-2 ); setuid( (uid_t)-2 );
-    setgid( (gid_t)-2 ); seteuid( (uid_t)-2 );
-  } else {
-    setegid( pws->pw_gid ); setuid( pws->pw_uid );
-    setgid( pws->pw_gid ); seteuid( pws->pw_uid );
-  }
-  endpwent();
  signal( SIGPIPE, SIG_IGN );
  signal( SIGINT,  signal_handler );
@@ -421,9 +452,10 @@ while( scanon ) {
  g_now_seconds = time( NULL );
-  if( trackerlogic_init( g_serverdir ? g_serverdir : "." ) == -1 )
+  /* Init all sub systems. This call may fail with an exit() */
-    panic( "Logic not started" );
+  trackerlogic_init( );
+  /* Kick off our initial clock setting alarm */
  alarm(5);
  server_mainloop( );

diff --git a/opentracker.c b/opentracker.c index 61acd3f..993877a 100644 --- a/opentracker.c +++ b/opentracker.c
@@ -350,8 +350,47 @@ int parse_configfile( char * config_filename ) {
350	return bound;	350	return bound;
351	}	351	}
352		352
353	int main( int argc, char **argv ) {	353	int drop_privileges (const char * const serverdir) {
354	struct passwd *pws = NULL;	354	struct passwd *pws = NULL;
		355
		356	/* Grab pws entry before chrooting */
		357	pws = getpwnam( "nobody" );
		358	endpwent();
		359
		360	if( geteuid() == 0 ) {
		361	/* Running as root: chroot and drop privileges */
		362	if(chroot( serverdir )) {
		363	fprintf( stderr, "Could not chroot to %s, because: %s\n", serverdir, strerror(errno) );
		364	return -1;
		365	}
		366
		367	if(chdir("/"))
		368	panic("chdir() failed after chrooting: ");
		369
		370	if( !pws ) {
		371	setegid( (gid_t)-2 ); setgid( (gid_t)-2 );
		372	setuid( (uid_t)-2 ); seteuid( (uid_t)-2 );
		373	}
		374	else {
		375	setegid( pws->pw_gid ); setgid( pws->pw_gid );
		376	setuid( pws->pw_uid ); seteuid( pws->pw_uid );
		377	}
		378
		379	if( geteuid() == 0 \|\| getegid() == 0 )
		380	panic("Still running with root privileges?!");
		381	}
		382	else {
		383	/* Normal user, just chdir() */
		384	if(chdir( serverdir )) {
		385	fprintf( stderr, "Could not chroot to %s, because: %s\n", serverdir, strerror(errno) );
		386	return -1;
		387	}
		388	}
		389
		390	return 0;
		391	}
		392
		393	int main( int argc, char **argv ) {
355	char serverip[4] = {0,0,0,0}, tmpip[4];	394	char serverip[4] = {0,0,0,0}, tmpip[4];
356	int bound = 0, scanon = 1;	395	int bound = 0, scanon = 1;
357	uint16_t tmpport;	396	uint16_t tmpport;
@@ -404,16 +443,8 @@ while( scanon ) {
404	ot_try_bind( serverip, 6969, FLAG_UDP );	443	ot_try_bind( serverip, 6969, FLAG_UDP );
405	}	444	}
406		445
407	/* Drop permissions */	446	if( drop_privileges( g_serverdir ? g_serverdir : "." ) == -1 )
408	pws = getpwnam( "nobody" );	447	panic( "drop_privileges failed, exiting. Last error");
409	if( !pws ) {
410	setegid( (gid_t)-2 ); setuid( (uid_t)-2 );
411	setgid( (gid_t)-2 ); seteuid( (uid_t)-2 );
412	} else {
413	setegid( pws->pw_gid ); setuid( pws->pw_uid );
414	setgid( pws->pw_gid ); seteuid( pws->pw_uid );
415	}
416	endpwent();
417		448
418	signal( SIGPIPE, SIG_IGN );	449	signal( SIGPIPE, SIG_IGN );
419	signal( SIGINT, signal_handler );	450	signal( SIGINT, signal_handler );
@@ -421,9 +452,10 @@ while( scanon ) {
421		452
422	g_now_seconds = time( NULL );	453	g_now_seconds = time( NULL );
423		454
424	if( trackerlogic_init( g_serverdir ? g_serverdir : "." ) == -1 )	455	/* Init all sub systems. This call may fail with an exit() */
425	panic( "Logic not started" );	456	trackerlogic_init( );
426		457
		458	/* Kick off our initial clock setting alarm */
427	alarm(5);	459	alarm(5);
428		460
429	server_mainloop( );	461	server_mainloop( );