-actually make use of SGID permissions

author: Christian Grothoff <christian@grothoff.org> 2012-07-14 23:41:22 +0000
committer: Christian Grothoff <christian@grothoff.org> 2012-07-14 23:41:22 +0000
commit: cffedc346363cfffe273b7340735ddae9297dbbf (patch)
tree: ad86afcca890b322aaf9b9ec7eec9a8ae14e405d /src/dns
parent: eefde2a44c9b631fd31c9aaf5c6627cd21020b03 (diff)
download: gnunet-cffedc346363cfffe273b7340735ddae9297dbbf.tar.gz
gnunet-cffedc346363cfffe273b7340735ddae9297dbbf.zip
1 files changed, 19 insertions, 0 deletions
diff --git a/src/dns/gnunet-service-dns.c b/src/dns/gnunet-service-dns.c
index 6337538d1..644f2e1c8 100644
--- a/src/dns/gnunet-service-dns.c
+++ b/src/dns/gnunet-service-dns.c
@@ -1672,6 +1672,25 @@ run (void *cls, struct GNUNET_SERVER_Handle *server,
 int
 main (int argc, char *const *argv)
 {
+  /* make use of SGID capabilities on POSIX */
+  /* FIXME: this might need a port on systems without 'getresgid' */
+#if HAVE_GETRESGID
+  gid_t rgid;
+  gid_t egid;
+  gid_t sgid;
+  if (-1 == getresgid (&rgid, &egid, &sgid))
+  {
+    fprintf (stderr,
+             "getresgid failed: %s\n",
+             strerror (errno));
+  }
+  else if (sgid != rgid)
+  {    
+    if (-1 ==  setregid (sgid, sgid))
+      fprintf (stderr, "setregid failed: %s\n", strerror (errno));
+  }
+#endif
  return (GNUNET_OK ==
          GNUNET_SERVICE_run (argc, argv, "dns", GNUNET_SERVICE_OPTION_NONE,
                              &run, NULL)) ? global_ret : 1;
author	Christian Grothoff <christian@grothoff.org>	2012-07-14 23:41:22 +0000
committer	Christian Grothoff <christian@grothoff.org>	2012-07-14 23:41:22 +0000
commit	cffedc346363cfffe273b7340735ddae9297dbbf (patch)
tree	ad86afcca890b322aaf9b9ec7eec9a8ae14e405d /src/dns
parent	eefde2a44c9b631fd31c9aaf5c6627cd21020b03 (diff)
download	gnunet-cffedc346363cfffe273b7340735ddae9297dbbf.tar.gz gnunet-cffedc346363cfffe273b7340735ddae9297dbbf.zip

diff --git a/src/dns/gnunet-service-dns.c b/src/dns/gnunet-service-dns.c index 6337538d1..644f2e1c8 100644 --- a/src/dns/gnunet-service-dns.c +++ b/src/dns/gnunet-service-dns.c
@@ -1672,6 +1672,25 @@ run (void cls, struct GNUNET_SERVER_Handle server,
1672	int	1672	int
1673	main (int argc, char const argv)	1673	main (int argc, char const argv)
1674	{	1674	{
		1675	/* make use of SGID capabilities on POSIX */
		1676	/* FIXME: this might need a port on systems without 'getresgid' */
		1677	#if HAVE_GETRESGID
		1678	gid_t rgid;
		1679	gid_t egid;
		1680	gid_t sgid;
		1681
		1682	if (-1 == getresgid (&rgid, &egid, &sgid))
		1683	{
		1684	fprintf (stderr,
		1685	"getresgid failed: %s\n",
		1686	strerror (errno));
		1687	}
		1688	else if (sgid != rgid)
		1689	{
		1690	if (-1 == setregid (sgid, sgid))
		1691	fprintf (stderr, "setregid failed: %s\n", strerror (errno));
		1692	}
		1693	#endif
1675	return (GNUNET_OK ==	1694	return (GNUNET_OK ==
1676	GNUNET_SERVICE_run (argc, argv, "dns", GNUNET_SERVICE_OPTION_NONE,	1695	GNUNET_SERVICE_run (argc, argv, "dns", GNUNET_SERVICE_OPTION_NONE,
1677	&run, NULL)) ? global_ret : 1;	1696	&run, NULL)) ? global_ret : 1;