mirror of
https://github.com/bol-van/zapret.git
synced 2026-02-01 07:10:37 +03:00
tpws: --debug to syslog and file
31
tpws/sec.c
31
tpws/sec.c
@@ -169,14 +169,14 @@ bool sec_harden(void)
|
||||
{
|
||||
if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0))
|
||||
{
|
||||
perror("PR_SET_NO_NEW_PRIVS(prctl)");
|
||||
DLOG_PERROR("PR_SET_NO_NEW_PRIVS(prctl)");
|
||||
return false;
|
||||
}
|
||||
#if ARCH_NR!=0
|
||||
if (!set_seccomp())
|
||||
{
|
||||
perror("seccomp");
|
||||
if (errno==EINVAL) fprintf(stderr,"seccomp: this can be safely ignored if kernel does not support seccomp\n");
|
||||
DLOG_PERROR("seccomp");
|
||||
if (errno==EINVAL) DLOG_ERR("seccomp: this can be safely ignored if kernel does not support seccomp\n");
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
@@ -232,15 +232,15 @@ bool dropcaps(void)
|
||||
{
|
||||
if (prctl(PR_CAPBSET_DROP, cap)<0)
|
||||
{
|
||||
fprintf(stderr, "could not drop bound cap %d\n", cap);
|
||||
perror("cap_drop_bound");
|
||||
DLOG_ERR("could not drop bound cap %d\n", cap);
|
||||
DLOG_PERROR("cap_drop_bound");
|
||||
}
|
||||
}
|
||||
}
|
||||
// now without CAP_SETPCAP
|
||||
if (!setpcap(caps))
|
||||
{
|
||||
perror("setpcap");
|
||||
DLOG_PERROR("setpcap");
|
||||
return checkpcap(caps);
|
||||
}
|
||||
return true;
|
||||
@@ -273,24 +273,24 @@ bool droproot(uid_t uid, gid_t gid)
|
||||
#ifdef __linux__
|
||||
if (prctl(PR_SET_KEEPCAPS, 1L))
|
||||
{
|
||||
perror("prctl(PR_SET_KEEPCAPS)");
|
||||
DLOG_PERROR("prctl(PR_SET_KEEPCAPS)");
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
// drop all SGIDs
|
||||
if (setgroups(0,NULL))
|
||||
{
|
||||
perror("setgroups");
|
||||
DLOG_PERROR("setgroups");
|
||||
return false;
|
||||
}
|
||||
if (setgid(gid))
|
||||
{
|
||||
perror("setgid");
|
||||
DLOG_PERROR("setgid");
|
||||
return false;
|
||||
}
|
||||
if (setuid(uid))
|
||||
{
|
||||
perror("setuid");
|
||||
DLOG_PERROR("setuid");
|
||||
return false;
|
||||
}
|
||||
#ifdef __linux__
|
||||
@@ -304,16 +304,17 @@ void print_id(void)
|
||||
{
|
||||
int i,N;
|
||||
gid_t g[128];
|
||||
printf("Running as UID=%u GID=",getuid());
|
||||
|
||||
DLOG_CONDUP("Running as UID=%u GID=",getuid());
|
||||
N=getgroups(sizeof(g)/sizeof(*g),g);
|
||||
if (N>0)
|
||||
{
|
||||
for(i=0;i<N;i++)
|
||||
printf(i==(N-1) ? "%u" : "%u,", g[i]);
|
||||
printf("\n");
|
||||
DLOG_CONDUP(i==(N-1) ? "%u" : "%u,", g[i]);
|
||||
DLOG_CONDUP("\n");
|
||||
}
|
||||
else
|
||||
printf("%u\n",getgid());
|
||||
DLOG_CONDUP("%u\n",getgid());
|
||||
}
|
||||
|
||||
void daemonize(void)
|
||||
@@ -323,7 +324,7 @@ void daemonize(void)
|
||||
pid = fork();
|
||||
if (pid == -1)
|
||||
{
|
||||
perror("fork");
|
||||
DLOG_PERROR("fork");
|
||||
exit(2);
|
||||
}
|
||||
else if (pid != 0)
|
||||
|
||||
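Review bot: In the seccomp failure branch of sec_harden, `errno` is tested only after `DLOG_PERROR("seccomp")` has run, and a logger that can write to a file or syslog may make library calls that overwrite it (DLOG_PERROR's definition is not visible here, so this is inferred from the commit title). Capture the value first, e.g. `int e = errno; DLOG_PERROR("seccomp");` followed by `if (e==EINVAL) DLOG_ERR(...)`, so the "can be safely ignored" hint is not printed or suppressed on the wrong error. The dropcaps hunk has the same ordering hazard: `DLOG_ERR("could not drop bound cap %d\n", cap)` runs before `DLOG_PERROR("cap_drop_bound")` reads errno, so swapping the two calls keeps the reported cause accurate. Both functions begin and end outside their hunks, so any errno handling elsewhere in them is not visible.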