From 3bb859c50522e92f01241403501049692f98d25d Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Thu, 14 Oct 2021 04:54:06 +0200
Subject: passt: Warn if we're running as root, abort if we can't change to
 nobody:nobody

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 passt.c | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)

(limited to 'passt.c')

diff --git a/passt.c b/passt.c
index 9b55260..48c2649 100644
--- a/passt.c
+++ b/passt.c
@@ -56,6 +56,8 @@
 #include <linux/filter.h>
 #include <stddef.h>
 #include <linux/capability.h>
+#include <pwd.h>
+#include <grp.h>
 
 #include "seccomp.h"
 #include "util.h"
@@ -186,6 +188,30 @@ static void seccomp(struct ctx *c)
 	}
 }
 
+/**
+ * check_root() - Warn if we're running as root, exit if we can't drop to nobody
+ */
+static void check_root(void)
+{
+	struct passwd *pw;
+
+	if (getuid() && geteuid())
+		return;
+
+	fprintf(stderr, "Don't run this as root. Changing to nobody...\n");
+	pw = getpwnam("nobody");
+	if (!pw) {
+		perror("getpwnam");
+		exit(EXIT_FAILURE);
+	}
+
+	if (initgroups(pw->pw_name, pw->pw_gid) ||
+	    setgid(pw->pw_gid) || setuid(pw->pw_uid)) {
+		fprintf(stderr, "Can't change to user/group nobody, exiting");
+		exit(EXIT_FAILURE);
+	}
+}
+
 /**
  * drop_caps() - Drop capabilities we might have except for CAP_NET_BIND_SERVICE
  */
@@ -223,6 +249,9 @@ int main(int argc, char **argv)
 	char *log_name;
 	int nfds, i;
 
+#ifndef PASST_LEGACY_NO_OPTIONS
+	check_root();
+#endif
 	drop_caps();
 
 	if (strstr(argv[0], "pasta") || strstr(argv[0], "passt4netns")) {
-- 
cgit v1.2.3