Moved setuid to a later point in execution.

2019-12-03 22:24:42 -05:00 · 2019-12-03 22:24:42 -05:00 · a4811bdc20
parent 6993617dba
commit a4811bdc20
2 changed files with 18 additions and 2 deletions
--- a/ban2fail.c
+++ b/ban2fail.c
@ -92,7 +92,7 @@ struct Global G= {
   .version= {
      .major= 0,
      .minor= 13,
-      .patch= 4
+      .patch= 6
   },

   .bitTuples.flags= GlobalFlagBitTuples
@ -300,10 +300,23 @@ main(int argc, char **argv)

   } /* Done with command line arguments */

+   char *pager= NULL,
+        *rslt= getenv("PAGER");
+
+#if 0
+   /* Keep a copy of the pager environment variable */
+   if(rslt) pager= strdup(rslt);
+
   /* So we can run iptables */
   ez_setuid(0);
   ez_setgid(G.gid);

+   /* Restore the pager environment variable */
+   if(pager) {
+      if(setenv("PAGER", pager, 1)) assert(0);
+   }
+#endif
+
   /* Get a time when the scan began */
   G.begin.time_t= time(NULL);
   G.begin.tm= *localtime(&G.begin.time_t);
@ -473,6 +486,10 @@ main(int argc, char **argv)
      /* List by address. Make a addr_map of OFFENTRY objects with composite counts */
      MAP_visitAllEntries(&G.logType_map, (int(*)(void*,void*))LOGTYPE_map_addr, &S.addr2logEntry_map);

+      /* So we can run iptables */
+      ez_setuid(0);
+      ez_setgid(G.gid);
+
      /* Pick up remaining blocked addresses */
      IPTABLES_fill_in_missing(&S.addr2logEntry_map);

--- a/ban2fail.h
+++ b/ban2fail.h
@ -106,7 +106,6 @@ extern struct Global {
   /* This should be set to adm */
   gid_t gid;

-
   struct {
      FILE *fh;
      MAP AddrRPT_map;