diff options
author | Giovanni Bechis <giovanni@paclan.it> | 2017-08-30 17:59:55 +0200 |
---|---|---|
committer | dormando <dormando@rydia.net> | 2017-11-04 13:07:28 -0700 |
commit | 105064c8a6ab98177a73355b72b489e69a2f98e8 (patch) | |
tree | f80bfda6484a5bacc1c36dbc7ca94f3843658a5c /openbsd_priv.c | |
parent | 7f4e0246e5c27baa9a7a690e5905f5ee56b80ece (diff) | |
download | memcached-105064c8a6ab98177a73355b72b489e69a2f98e8.tar.gz |
Rework pledge support after seccomp support has been added
Diffstat (limited to 'openbsd_priv.c')
-rw-r--r-- | openbsd_priv.c | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/openbsd_priv.c b/openbsd_priv.c new file mode 100644 index 0000000..1e26ece --- /dev/null +++ b/openbsd_priv.c @@ -0,0 +1,28 @@ +#include <errno.h> +#include <stdlib.h> +#include <stdio.h> +#include <string.h> +#include <unistd.h> +#include "memcached.h" + +/* + * this section of code will drop all (OpenBSD) privileges including + * those normally granted to all userland process (basic privileges). The + * effect of this is that after running this code, the process will not able + * to fork(), exec(), etc. See pledge(2) for more information. + */ +void drop_privileges() { + extern char *__progname; + + if (settings.socketpath != NULL) { + if (pledge("stdio unix", NULL) == -1) { + fprintf(stderr, "%s: pledge: %s\n", __progname, strerror(errno)); + exit(EXIT_FAILURE); + } + } else { + if (pledge("stdio inet", NULL) == -1) { + fprintf(stderr, "%s: pledge: %s\n", __progname, strerror(errno)); + exit(EXIT_FAILURE); + } + } +} |