Greenbone Vulnerability Management Libraries 22.12.2
drop_privileges.c File Reference

Basic support to drop privileges.

#include "drop_privileges.h"
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

Macros

#define G_LOG_DOMAIN   "libgvm base"
 GLib log domain.
 

Functions

static gint drop_privileges_error (GError **error, gint errorcode, const gchar *message)
 Sets an error and returns errorcode.
 
int drop_privileges (gchar *username, GError **error)
 Drop privileges.
 

Detailed Description

Basic support to drop privileges.

Macro Definition Documentation

◆ G_LOG_DOMAIN

#define G_LOG_DOMAIN   "libgvm base"

GLib log domain.

Function Documentation

◆ drop_privileges()

int drop_privileges (gchar *username, GError **error)

Drop privileges.

We try to drop our (root) privileges and setuid to username to minimize the risk of privilege escalation. The current implementation is Linux-specific and may not work on other platforms.

Parameters
[in] username: The user to become. It's safe to pass "NULL", in which case it will default to "nobody".
[out] error: Return location for errors, or NULL if not interested in errors.
Returns
GVM_DROP_PRIVILEGES_OK in case of success. Sets error otherwise and returns the error code.
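
The drop described above, written out in plain C as an added example (this is not the gvm-libs implementation). The function name example_drop_to_user and the DROP_* result codes are hypothetical, and the order of calls (supplementary groups, then gid, then uid, then a check that root cannot be regained) is an assumption based on common practice for a permanent drop.

```c
#define _DEFAULT_SOURCE /* exposes initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical result codes for this example only. */
enum drop_result
{
  DROP_OK = 0,
  DROP_ERR_NOT_ROOT,
  DROP_ERR_UNKNOWN_USER,
  DROP_ERR_GROUPS,
  DROP_ERR_GID,
  DROP_ERR_UID,
  DROP_ERR_VERIFY
};

/* Permanently switch from root to `username` ("nobody" when NULL). */
enum drop_result
example_drop_to_user (const char *username)
{
  const struct passwd *pw;
  uid_t uid;
  gid_t gid;

  if (username == NULL)
    username = "nobody";
  if (geteuid () != 0)
    return DROP_ERR_NOT_ROOT; /* only root can change identity */
  if ((pw = getpwnam (username)) == NULL)
    return DROP_ERR_UNKNOWN_USER;
  uid = pw->pw_uid; /* copy out: pw points to a static buffer */
  gid = pw->pw_gid;

  /* Groups first: after setuid() we may no longer change them. */
  if (initgroups (username, gid) != 0)
    return DROP_ERR_GROUPS;
  if (setgid (gid) != 0)
    return DROP_ERR_GID;
  if (setuid (uid) != 0)
    return DROP_ERR_UID;

  /* Verify: root must not be recoverable and all ids must match. */
  if (uid != 0 && setuid (0) == 0)
    return DROP_ERR_VERIFY;
  if (getuid () != uid || geteuid () != uid || getgid () != gid || getegid () != gid)
    return DROP_ERR_VERIFY;
  return DROP_OK;
}
```

A caller should treat any result other than DROP_OK as fatal and exit rather than continue with root privileges.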

◆ drop_privileges_error()

static gint drop_privileges_error (GError **error, gint errorcode, const gchar *message)

Sets an error and returns errorcode.

Parameters
error: Error to set.
errorcode: Errorcode (possible values defined in drop_privileges.h), will be returned.
message: Message to attach to the error.
Returns
errorcode