update-ids-ruleset: Run as unprivileged user.
Check if the script has been launched as privileged user (root) and drop all permissions by switching to the "nobody" user and group. Signed-off-by: Stefan Schantl <stefan.schantl@ipfire.org> Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
committed by
Michael Tremer
parent
dc9ac30c8d
commit
72ab71969f
@@ -20,11 +20,25 @@
|
||||
###############################################################################
|
||||
|
||||
use strict;
|
||||
use POSIX;
|
||||
|
||||
require '/var/ipfire/general-functions.pl';
|
||||
require "${General::swroot}/ids-functions.pl";
|
||||
require "${General::swroot}/lang.pl";
|
||||
|
||||
# The user and group name as which this script should be run.
|
||||
my $run_as = 'nobody';
|
||||
|
||||
# Get user and group id of the user.
|
||||
my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];
|
||||
|
||||
# Check if the script currently runs as root.
|
||||
if ( $> == 0 ) {
|
||||
# Drop privileges and switch to the specified user and group.
|
||||
POSIX::setgid( $gid );
|
||||
POSIX::setuid( $uid );
|
||||
}
|
||||
|
||||
# Check if the red device is active.
|
||||
unless (-e "${General::swroot}/red/active") {
|
||||
# Store notice in the syslog.
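Review bot: The privilege drop in the `if ( $> == 0 )` block can fail silently, because the return values of `POSIX::setgid` and `POSIX::setuid` are ignored and the script would then keep running as root. The `getpwnam` lookup above it is also unchecked: if `$run_as` cannot be resolved, `$uid` and `$gid` are undef, which are used as 0, so both calls "succeed" without leaving root. Only the primary group is changed, so supplementary groups inherited from the root caller stay attached to the process; assigning `$)` with the gid repeated clears them. The three `require` lines still execute as root before the drop, which is worth a comment if it is intentional. A stricter version of the added lines is sketched below.

```perl
my ( $uid, $gid ) = ( getpwnam $run_as )[ 2, 3 ];

# An unknown user yields undef ids, which would otherwise be used as 0 (root).
die "Cannot resolve user '$run_as'\n" unless defined $uid && defined $gid;

if ( $> == 0 ) {
    # Clear the supplementary groups inherited from root, then switch
    # the group before the user while the process is still privileged.
    $) = "$gid $gid";
    POSIX::setgid( $gid ) or die "setgid($gid) failed: $!\n";
    POSIX::setuid( $uid ) or die "setuid($uid) failed: $!\n";

    # Refuse to continue unless the switch really took effect.
    die "Still running with root privileges\n" if $> == 0 || $< == 0;
}
# … unchanged: red device check …
```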
|
||||
|
||||