diff options
| author | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2018-07-14 18:18:12 +0200 |
|---|---|---|
| committer | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2018-07-14 18:33:51 +0200 |
| commit | e6a56690f8d04fbd2dbe127ed100ecafa61fee5d (patch) | |
| tree | c7d5204f392745d25a900797a85a08174b283e12 /tcpdump.c | |
| parent | 65fbcba67fef3c5d2211ac8be90b08dfb8860cc3 (diff) | |
| download | tcpdump-e6a56690f8d04fbd2dbe127ed100ecafa61fee5d.tar.gz | |
Exit if capng_change_id() fails to change the uid
From Linux manual page of capng_change_id():
Note: the only safe action to do upon failure of this function is to
probably exit. This is because you are likely in a situation with par-
tial permissions and not what you intended.
Diffstat (limited to 'tcpdump.c')
| -rw-r--r-- | tcpdump.c | 7 |
1 files changed, 3 insertions, 4 deletions
@@ -745,11 +745,10 @@ droproot(const char *username, const char *chroot_dir) #ifdef HAVE_LIBCAP_NG { int ret = capng_change_id(pw->pw_uid, pw->pw_gid, CAPNG_NO_FLAG); - if (ret < 0) { - fprintf(stderr, "error : ret %d\n", ret); - } else { + if (ret < 0) + error("capng_change_id(): return %d\n", ret); + else fprintf(stderr, "dropped privs to %s\n", username); - } } #else if (initgroups(pw->pw_name, pw->pw_gid) != 0 || |