docs/changes.txt +1 −0 @@ -464,3 +464,4 @@ v70.4 nfqws,tpws: ^ prefix in hostlist to disable subdomain matches nfqws,tpws: optional systemd notify support. compile using 'make systemd' nfqws,tpws: systemd instance templates for nfqws and tpws nfqws,tpws: separate droproot from dropcaps
nfq/nfqws.c +1 −1 @@ -293,7 +293,7 @@ static int nfq_main(void) ssize_t rd; sec_harden(); if (params.droproot && !droproot(params.uid, params.gid)) if (params.droproot && !droproot(params.uid, params.gid) || !dropcaps()) return 1; print_id(); if (params.droproot && !test_list_files())
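Review bot: The new condition `params.droproot && !droproot(params.uid, params.gid) || !dropcaps()` mixes `&&` and `||` without parentheses in a privilege-drop path. Precedence gives the grouping the commit appears to want (dropcaps() runs whether or not droproot is requested, and a failed droproot short-circuits to `return 1`), but it triggers -Wparentheses and is easy to misread; write it as `if ((params.droproot && !droproot(params.uid, params.gid)) || !dropcaps())`, or as two separate `if` statements the way tpws.c does. The call is also not wrapped in `#ifdef __linux__` as the tpws.c call is, which is fine only if nfq_main is built for Linux alone; the hunk does not show that. nfq_main's body starts and ends outside the hunk.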
nfq/sec.c +1 −5 @@ -287,7 +287,7 @@ bool can_drop_root(void) { #ifdef __linux__ // has some caps return checkpcap((1<<CAP_SETUID)|(1<<CAP_SETGID)|(1<<CAP_SETPCAP)); return checkpcap((1<<CAP_SETUID)|(1<<CAP_SETGID)); #else // effective root return !geteuid(); @@ -319,11 +319,7 @@ bool droproot(uid_t uid, gid_t gid) DLOG_PERROR("setuid"); return false; } #ifdef __linux__ return dropcaps(); #else return true; #endif } void print_id(void)
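Review bot: After the second hunk droproot() returns `true` having changed only uid and gid, so any caller not followed by dropcaps() keeps whatever capabilities survive the setuid, and nothing in the function says so. The two call sites visible in this commit (nfq_main and tpws main) were updated, but callers outside this page cannot be checked from here; a comment above droproot such as `// changes uid/gid only; capabilities are NOT dropped here, call dropcaps() afterwards` would state the new contract. In the first hunk can_drop_root no longer requires CAP_SETPCAP; if dropcaps() needs that capability (its body is not shown), a process without it would now pass can_drop_root and fail later, which is worth confirming. The same two changes are made in tpws/sec.c. droproot's body starts outside the hunk.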
tpws/sec.c +1 −5 @@ -263,7 +263,7 @@ bool can_drop_root(void) { #ifdef __linux__ // has some caps return checkpcap((1<<CAP_SETUID)|(1<<CAP_SETGID)|(1<<CAP_SETPCAP)); return checkpcap((1<<CAP_SETUID)|(1<<CAP_SETGID)); #else // effective root return !geteuid(); @@ -295,11 +295,7 @@ bool droproot(uid_t uid, gid_t gid) DLOG_PERROR("setuid"); return false; } #ifdef __linux__ return dropcaps(); #else return true; #endif } void print_id(void)
tpws/tpws.c +4 −0 @@ -1947,6 +1947,10 @@ int main(int argc, char *argv[]) sec_harden(); if (params.droproot && !droproot(params.uid,params.gid)) goto exiterr; #ifdef __linux__ if (!dropcaps()) goto exiterr; #endif print_id(); if (params.droproot && !test_list_files()) goto exiterr;
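Review bot: The added `if (!dropcaps()) goto exiterr;` runs regardless of params.droproot, and nothing at the call site records that this is intended. A one-line comment above the `#ifdef __linux__`, such as `// always drop capabilities, even when no uid/gid change was requested`, would make it explicit. Whether dropcaps() logs its own failure is not visible here; if it does not, the exit through exiterr gives the operator no reason. main's body starts and ends outside the hunk.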