[PATCH 09/20] uuidd: factor out dropping of privileges into separate function


 



Simplify main by moving dropping of privileges into newly
introduced drop_privileges() function.

Signed-off-by: Petr Uzel <petr.uzel@xxxxxxx>
---
 misc-utils/uuidd.c |   47 +++++++++++++++++++++++++++++------------------
 1 files changed, 29 insertions(+), 18 deletions(-)

diff --git a/misc-utils/uuidd.c b/misc-utils/uuidd.c
index aae5dbf..10c3019 100644
--- a/misc-utils/uuidd.c
+++ b/misc-utils/uuidd.c
@@ -486,6 +486,33 @@ socket_ready:
 	}
 }
 
+/*
+ * Drop privileges of the process
+ *
+ * Set real uid, effective uid and - if supported by the system - also
+ * saved set-user-id. Similarly for gid.
+ *
+ * Exits the program with error upon failure.
+ */
+static void drop_privileges(uid_t uid, gid_t gid)
+{
+#ifdef HAVE_SETRESGID
+	if (setresgid(gid, gid, gid) < 0)
+		err(EXIT_FAILURE, "setresgid");
+#else
+	if (setregid(gid, gid) < 0)
+		err(EXIT_FAILURE, "setregid");
+#endif
+
+#ifdef HAVE_SETRESUID
+	if (setresuid(uid, uid, uid) < 0)
+		err(EXIT_FAILURE, "setresuid");
+#else
+	if (setreuid(uid, uid) < 0)
+		err(EXIT_FAILURE, "setreuid");
+#endif
+}
+
 static void __attribute__ ((__noreturn__)) unexpected_size(int size)
 {
 	errx(EXIT_FAILURE, _("Unexpected reply length from server %d"), size);
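Review bot: The header comment on drop_privileges() leaves out the two constraints that make this sequence safe: the group ids have to be changed before the user ids, and supplementary groups are left untouched. I would add `/* Order matters: drop gid first, after the uid change the process may no longer be allowed to change its gid. Supplementary groups are not modified, so callers must pass the invoking user's real uid/gid. */`. Without that, the generic `(uid_t uid, gid_t gid)` signature invites reuse for a root-to-service-account drop, where the missing setgroups() call would presumably leave root's groups in place. It is also worth noting in the comment that on the `#else` paths the saved set-user-ID/set-group-ID is only cleared where setreuid()/setregid() do so on that platform, which the current wording ("if supported by the system") states only indirectly.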
@@ -501,7 +528,6 @@ int main(int argc, char **argv)
 	char		str[UUID_STR_LEN], *tmp;
 	uuid_t		uu;
 	uid_t		uid;
-	gid_t		gid;
 	int		i, c, ret;
 	int		debug = 0, do_type = 0, do_kill = 0, num = 0;
 	int		timeout = 0, quiet = 0, drop_privs = 0;
@@ -624,24 +650,9 @@ int main(int argc, char **argv)
 				  "Ignoring --socket\n"));
 
 	uid = getuid();
-	if (uid && drop_privs) {
-		gid = getgid();
-#ifdef HAVE_SETRESGID
-		if (setresgid(gid, gid, gid) < 0)
-			err(EXIT_FAILURE, "setresgid");
-#else
-		if (setregid(gid, gid) < 0)
-			err(EXIT_FAILURE, "setregid");
-#endif
+	if (uid && drop_privs)
+		drop_privileges(uid, getgid());
 
-#ifdef HAVE_SETRESUID
-		if (setresuid(uid, uid, uid) < 0)
-			err(EXIT_FAILURE, "setresuid");
-#else
-		if (setreuid(uid, uid) < 0)
-			err(EXIT_FAILURE, "setreuid");
-#endif
-	}
 	if (num && do_type) {
 		ret = call_daemon(socket_path, do_type + 2, buf,
 				  sizeof(buf), &num, &err_context);
-- 
1.7.7
