From a4811bdc20c958a5f81474402840abfbb5f03442 Mon Sep 17 00:00:00 2001
From: john
Date: Tue, 3 Dec 2019 22:24:42 -0500
Subject: [PATCH] Moved setuid to a later point in execution.

---
 ban2fail.c | 19 ++++++++++++++++++-
 ban2fail.h | 1 -
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/ban2fail.c b/ban2fail.c
index a178389..cefd007 100644
--- a/ban2fail.c
+++ b/ban2fail.c
@@ -92,7 +92,7 @@ struct Global G= {
 .version= {
 .major= 0,
 .minor= 13,
- .patch= 4
+ .patch= 6
 },
 
 .bitTuples.flags= GlobalFlagBitTuples
@@ -300,10 +300,23 @@ main(int argc, char **argv)
 }
 /* Done with command line arguments */
 
+ char *pager= NULL, *rslt= getenv("PAGER");
+
+#if 0
+ /* Keep a copy of the pager environment variable */
+ if(rslt) pager= strdup(rslt);
+
 /* So we can run iptables */
 ez_setuid(0);
 ez_setgid(G.gid);
 
+ /* Restore the pager environment variable */
+ if(pager) {
+ if(setenv("PAGER", pager, 1)) assert(0);
+ }
+#endif
+
 /* Get a time when the scan began */
 G.begin.time_t= time(NULL);
 G.begin.tm= *localtime(&G.begin.time_t);
@@ -473,6 +486,10 @@ main(int argc, char **argv)
 /* List by address. Make a addr_map of OFFENTRY objects with composite counts */
 MAP_visitAllEntries(&G.logType_map, (int(*)(void*,void*))LOGTYPE_map_addr, &S.addr2logEntry_map);
 
+ /* So we can run iptables */
+ ez_setuid(0);
+ ez_setgid(G.gid);
+
 /* Pick up remaining blocked addresses */
 IPTABLES_fill_in_missing(&S.addr2logEntry_map);
 
diff --git a/ban2fail.h b/ban2fail.h
index b9a8765..9a4d07d 100644
--- a/ban2fail.h
+++ b/ban2fail.h
@@ -106,7 +106,6 @@ extern struct Global {
 /* This should be set to adm */
 gid_t gid;
 
-
 struct {
 FILE *fh;
 MAP AddrRPT_map;
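Review bot: In the `@@ -300` hunk, `rslt` is assigned from `getenv("PAGER")` but only read inside the `#if 0` region, so once the preprocessor strips that region the variable is unused (a `-Wunused-variable` warning) and `pager` is a dead `NULL`; if the PAGER save/restore is not coming back, delete the two declarations and the `#if 0` block instead of leaving the old `ez_setuid(0)`/`ez_setgid(G.gid)` calls compiled out under it, because anyone grepping for where the process elevates to root will land on this disabled copy first. If the block is being kept for a later revival, its error handling should not be `assert(0)`: under `NDEBUG` the assert disappears and a failed `setenv` silently continues, at that point already as root, so something like `if(setenv("PAGER", pager, 1)) { perror("setenv"); exit(EXIT_FAILURE); }` would be the safer shape (the ez_ wrappers are not visible here, so whether they abort on failure is inferred). The `strdup` result is also never freed. main() starts before and continues past this hunk.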
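Review bot: Deferring `ez_setuid(0)`/`ez_setgid(G.gid)` to just before `IPTABLES_fill_in_missing` in the `@@ -486` hunk only narrows the window in which the process is root if the log-parsing phase above actually runs with a non-root effective uid; if ban2fail is installed setuid-root, the effective uid is already 0 from exec and `setuid(0)` here merely aligns the real and saved ids, so the parsing of untrusted log data would still happen as root (startup is outside this hunk, so this is inferred, not observed). A short comment pinning down the intended privilege state would make the intent auditable, e.g. `/* Everything above runs with the invoker's privileges; elevate only now, for iptables. */`. As far as this hunk shows nothing drops the privileges again afterwards, so the remainder of main runs as root with gid `G.gid`; if only the iptables calls need that, `seteuid`/`setegid` toggles around them would keep the least-privilege gain the commit is aiming for. main() starts before and continues past this hunk.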