本文整理汇总了C++中drop_privs函数的典型用法代码示例。如果您正苦于以下问题:C++ drop_privs函数的具体用法?C++ drop_privs怎么用?C++ drop_privs使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了drop_privs函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: spawn_command
/**
* Spawn external command using system() with dropped privileges.
* TODO: avoid system() and use exec*() instead
*/
static int spawn_command(const char *cmd, uid_t uid){
int child;
int status = -1;
if (verbose > 1)
printf("spawn_command: %s\n", cmd);
child = fork();
if (child == -1) {
perror(_("Unable to fork"));
return status;
}
if (child == 0) {
if (drop_privs(uid) != 0) exit(-1);
status = system(cmd);
status_to_retval(status, status);
exit(status);
}
waitpid(child, &status, 0);
status_to_retval(status, status);
return status;
}示例2: rend_private_init
/*
* rend_private_init
*
* Initialize howl and start runloop
*/
int rend_private_init(char *user) {
sw_result result;
DPRINTF(E_DBG,L_REND,"Starting rendezvous services\n");
signal(SIGHUP, SIG_IGN); // SIGHUP might happen from a request to reload the daap server
if(sw_discovery_init(&rend_handle) != SW_OKAY) {
DPRINTF(E_WARN,L_REND,"Error initializing howl\n");
errno=EINVAL;
return -1;
}
if(drop_privs(user))
return -1;
DPRINTF(E_DBG,L_REND,"Starting polling thread\n");
if(pthread_create(&rend_tid,NULL,rend_pipe_monitor,NULL)) {
DPRINTF(E_FATAL,L_REND,"Could not start thread. Terminating\n");
/* should kill parent, too */
exit(EXIT_FAILURE);
}
DPRINTF(E_DBG,L_REND,"Entering runloop\n");
sw_discovery_run(rend_handle);
DPRINTF(E_DBG,L_REND,"Exiting runloop\n");
return 0;
}示例3: main
int main(int argc, char* argv[]) {
int rc;
/* drop privileges */
if (drop_privs() < 0) return EXIT_FAILURE;
/* parse arguments */
parse_args(argc, argv);
/* initialize secure storage directory */
rc = storage_init(ss_data_root);
if (rc < 0) return EXIT_FAILURE;
/* open rpmb device */
rc = rpmb_open(rpmb_devname, dev_type);
if (rc < 0) return EXIT_FAILURE;
/* connect to Trusty secure storage server */
rc = ipc_connect(trusty_devname, ss_srv_name);
if (rc < 0) return EXIT_FAILURE;
/* enter main loop */
rc = proxy_loop();
ALOGE("exiting proxy loop with status (%d)\n", rc);
ipc_disconnect();
rpmb_close();
return (rc < 0) ? EXIT_FAILURE : EXIT_SUCCESS;
}示例4: do_mount
static int do_mount(const char *dev, const char *mnt, const char *type,
mode_t rootmode, int fd, int fuseflags)
{
int res;
struct fuse_mount_data data;
int flags = MS_NOSUID | MS_NODEV;
if(getuid() != 0) {
res = drop_privs();
if(res == -1)
return -1;
flags |= MS_PERMISSION;
}
data.version = FUSE_KERNEL_VERSION;
data.fd = fd;
data.rootmode = rootmode;
data.uid = getuid();
data.flags = fuseflags;
res = mount(dev, mnt, type, flags, &data);
if(res == -1)
fprintf(stderr, "%s: mount failed: %s\n", progname, strerror(errno));
if(getuid() != 0)
restore_privs();
return res;
}示例5: try_open
static int try_open(const char *dev, char **devp)
{
int fd;
if (restore_privs())
return -1;
fd = open(dev, O_RDWR);
if (drop_privs())
return -1;
if (fd != -1) {
*devp = strdup(dev);
if (*devp == NULL) {
fprintf(stderr, "%s: failed to allocate memory\n", progname);
close(fd);
fd = -1;
}
} else if (errno == ENODEV ||
errno == ENOENT) /* check for ENOENT too, for the udev case */
return -2;
else {
fprintf(stderr, "%s: failed to open %s: %s\n", progname, dev,
strerror(errno));
}
return fd;
}示例6: main
int main(void)
{
_buttonusr_isr = (void *)&buttonisr_usr;
_timerusr_isr = (void *)&timerisr_usr;
_mmhusr_isr = (void *)&mmhisr;
/* Drop privileges */
drop_privs();
/* Init board */
kk_board_init();
/* Program the model into OTP, if we're not in screen-test mode, and it's
* not already there
*/
(void)flash_programModel();
/* Init for safeguard against stack overflow (-fstack-protector-all) */
__stack_chk_guard = (uintptr_t)random32();
/* Bootloader Verification */
check_bootloader();
led_func(SET_RED_LED);
dbg_print("Application Version %d.%d.%d\n\r", MAJOR_VERSION, MINOR_VERSION,
PATCH_VERSION);
/* Init storage */
storage_init();
/* Init protcol buffer message map and usb msg callback */
fsm_init();
led_func(SET_GREEN_LED);
usbInit();
u2fInit();
led_func(CLR_RED_LED);
reset_idle_time();
if (is_mfg_mode())
layout_screen_test();
else if (!storage_isInitialized())
layout_standard_notification("Welcome", "keepkey.com/get-started",
NOTIFICATION_LOGO);
else
layoutHomeForced();
while (1) {
delay_ms_with_callback(ONE_SEC, &exec, 1);
increment_idle_time(ONE_SEC);
toggle_screensaver();
}
return 0;
}示例7: main
int main(int argc, char **argv)
{
int ret;
ASSERT0(putenv("TZ=UTC"));
cmn_err(CE_INFO, "blahgd version %s", version_string);
/* drop unneeded privs */
ret = drop_privs();
if (ret)
goto err;
jeffpc_init(&init_ops);
init_math(true);
init_pipe_subsys();
init_req_subsys();
init_post_subsys();
init_file_cache();
ret = config_load((argc >= 2) ? argv[1] : NULL);
if (ret)
goto err;
ret = load_all_posts();
if (ret)
goto err;
handle_signals();
ret = start_helpers();
if (ret)
goto err_helpers;
ret = start_listening();
if (ret)
goto err_helpers;
accept_conns();
stop_listening();
stop_helpers();
free_all_posts();
uncache_all_files();
return 0;
err_helpers:
stop_helpers();
err:
DBG("Failed to inintialize: %s", xstrerror(ret));
return ret;
}示例8: tree
void tree(void) {
drop_privs(1);
char *arg[4];
arg[0] = "bash";
arg[1] = "-c";
arg[2] = "firemon --tree";
arg[3] = NULL;
execvp("/bin/bash", arg);
}示例9: netstats
void netstats(void) {
drop_privs(1);
char *arg[4];
arg[0] = "bash";
arg[1] = "-c";
arg[2] = "firemon --netstats";
arg[3] = NULL;
execvp("/bin/bash", arg);
}示例10: tree
void tree(void) {
EUID_ASSERT();
drop_privs(1);
char *cmd = get_firemon_path("--tree");
char *arg[4];
arg[0] = "bash";
arg[1] = "-c";
arg[2] = cmd;
arg[3] = NULL;
execvp("/bin/bash", arg);
}示例11: seccomp_print_filter
void seccomp_print_filter(pid_t pid) {
// if the pid is that of a firejail process, use the pid of the first child process
char *comm = pid_proc_comm(pid);
if (comm) {
// remove \n
char *ptr = strchr(comm, '\n');
if (ptr)
*ptr = '\0';
if (strcmp(comm, "firejail") == 0) {
pid_t child;
if (find_child(pid, &child) == 0) {
pid = child;
}
}
free(comm);
}
// check privileges for non-root users
uid_t uid = getuid();
if (uid != 0) {
struct stat s;
char *dir;
if (asprintf(&dir, "/proc/%u/ns", pid) == -1)
errExit("asprintf");
if (stat(dir, &s) < 0)
errExit("stat");
if (s.st_uid != uid) {
printf("Error: permission denied.\n");
exit(1);
}
}
// find the seccomp filter
char *fname;
if (asprintf(&fname, "/proc/%d/root/tmp/firejail/mnt/seccomp", pid) == -1)
errExit("asprintf");
struct stat s;
if (stat(fname, &s) == -1) {
printf("Cannot access seccomp filter.\n");
exit(1);
}
// read and print the filter
read_seccomp_file(fname);
drop_privs(1);
filter_debug();
exit(0);
}示例12: set_privileges
static void set_privileges(void) {
struct stat s;
if (stat("/proc/sys/kernel/grsecurity", &s) == 0) {
EUID_ROOT();
// elevate privileges
if (setreuid(0, 0))
errExit("setreuid");
if (setregid(0, 0))
errExit("setregid");
}
else
drop_privs(1);
}示例13: seccomp_print_filter
void seccomp_print_filter(pid_t pid) {
EUID_ASSERT();
// if the pid is that of a firejail process, use the pid of the first child process
char *comm = pid_proc_comm(pid);
if (comm) {
// remove \n
char *ptr = strchr(comm, '\n');
if (ptr)
*ptr = '\0';
if (strcmp(comm, "firejail") == 0) {
pid_t child;
if (find_child(pid, &child) == 0) {
pid = child;
}
}
free(comm);
}
// check privileges for non-root users
uid_t uid = getuid();
if (uid != 0) {
uid_t sandbox_uid = pid_get_uid(pid);
if (uid != sandbox_uid) {
fprintf(stderr, "Error: permission denied.\n");
exit(1);
}
}
// find the seccomp filter
EUID_ROOT();
char *fname;
if (asprintf(&fname, "/proc/%d/root%s", pid, RUN_SECCOMP_CFG) == -1)
errExit("asprintf");
struct stat s;
if (stat(fname, &s) == -1) {
printf("Cannot access seccomp filter.\n");
exit(1);
}
// read and print the filter
read_seccomp_file(fname);
drop_privs(1);
filter_debug();
free(fname);
exit(0);
}示例14: main
int main (int argc, char *argv[])
{
int pid,index,usable;
char *pgname;
pgname = argv[0];
if (argc < 2)
{
printf("%s: nothing to do\n",pgname);
exit(0);
}
/* printf("Real UID\tReal GID\tEff UID\tEff GID\n"); */
init_privs();
set_privs();
while (argc > 1)
{
usable = 1;
for (index=0; index < strlen(argv[1]); index++)
{
if (!isdigit(argv[1][index]))
{
usable = 0;
break;
}
}
if (usable)
{
pid = atoi(argv[1]);
/* printf("pid is %d\n",pid); */
kill(pid,SIGUSR1);
}
else
printf("%s: invalid argument %s\n",pgname,argv[1]);
argc--;
argv++;
}
drop_privs();
exit(0);
}示例15: main
int main(int argc, char* argv[]) {
int sockfd = init_socket();
logf("Server listening on port %d\n", PORT);
if (signal(SIGCHLD, SIG_IGN) == SIG_ERR) {
perror("Error setting SIGCHILD handler.");
return EXIT_FAILURE;
}
load_module();
while (1) {
socklen_t client_len = sizeof(client);
int client_fd = accept(sockfd, (struct sockaddr*) &client, &client_len);
if (client_fd < 0) {
perror("Error creating socket for incoming connection");
exit(EXIT_FAILURE);
}
logf("New connection from %s on port %d\n", inet_ntoa(client.sin_addr), htons(client.sin_port));
int pid = fork();
if (pid < 0) {
perror("Unable to fork");
exit(EXIT_FAILURE);
}
if (pid == 0) { // client
alarm(300);
close(sockfd);
dup2(client_fd, 0);
dup2(client_fd, 1);
setvbuf(stdout, NULL, _IONBF, 0);
drop_privs();
interact();
close(client_fd);
logf("%s:%d disconnected\n", inet_ntoa(client.sin_addr), htons(client.sin_port));
exit(EXIT_SUCCESS);
} else { // server
logf("%s:%d forked new process with pid %d\n", inet_ntoa(client.sin_addr), htons(client.sin_port), pid);
close(client_fd);
}
}
}