mirror of https://github.com/jrbrtsn/ban2fail
Moved setuid to a later point in execution.
parent
6993617dba
commit
a4811bdc20
19
ban2fail.c
19
ban2fail.c
|
@ -92,7 +92,7 @@ struct Global G= {
|
||||||
.version= {
|
.version= {
|
||||||
.major= 0,
|
.major= 0,
|
||||||
.minor= 13,
|
.minor= 13,
|
||||||
.patch= 4
|
.patch= 6
|
||||||
},
|
},
|
||||||
|
|
||||||
.bitTuples.flags= GlobalFlagBitTuples
|
.bitTuples.flags= GlobalFlagBitTuples
|
||||||
|
@ -300,10 +300,23 @@ main(int argc, char **argv)
|
||||||
|
|
||||||
} /* Done with command line arguments */
|
} /* Done with command line arguments */
|
||||||
|
|
||||||
|
char *pager= NULL,
|
||||||
|
*rslt= getenv("PAGER");
|
||||||
|
|
||||||
|
#if 0
|
||||||
|
/* Keep a copy of the pager environment variable */
|
||||||
|
if(rslt) pager= strdup(rslt);
|
||||||
|
|
||||||
/* So we can run iptables */
|
/* So we can run iptables */
|
||||||
ez_setuid(0);
|
ez_setuid(0);
|
||||||
ez_setgid(G.gid);
|
ez_setgid(G.gid);
|
||||||
|
|
||||||
|
/* Restore the pager environment variable */
|
||||||
|
if(pager) {
|
||||||
|
if(setenv("PAGER", pager, 1)) assert(0);
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
/* Get a time when the scan began */
|
/* Get a time when the scan began */
|
||||||
G.begin.time_t= time(NULL);
|
G.begin.time_t= time(NULL);
|
||||||
G.begin.tm= *localtime(&G.begin.time_t);
|
G.begin.tm= *localtime(&G.begin.time_t);
|
||||||
|
@ -473,6 +486,10 @@ main(int argc, char **argv)
|
||||||
/* List by address. Make a addr_map of OFFENTRY objects with composite counts */
|
/* List by address. Make a addr_map of OFFENTRY objects with composite counts */
|
||||||
MAP_visitAllEntries(&G.logType_map, (int(*)(void*,void*))LOGTYPE_map_addr, &S.addr2logEntry_map);
|
MAP_visitAllEntries(&G.logType_map, (int(*)(void*,void*))LOGTYPE_map_addr, &S.addr2logEntry_map);
|
||||||
|
|
||||||
|
/* So we can run iptables */
|
||||||
|
ez_setuid(0);
|
||||||
|
ez_setgid(G.gid);
|
||||||
|
|
||||||
/* Pick up remaining blocked addresses */
|
/* Pick up remaining blocked addresses */
|
||||||
IPTABLES_fill_in_missing(&S.addr2logEntry_map);
|
IPTABLES_fill_in_missing(&S.addr2logEntry_map);
|
||||||
|
|
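Review bot: The `ez_setuid(0); ez_setgid(G.gid);` pair added in the `-473,6 +486,10` hunk switches the process to uid 0 and nothing visible lowers it again, so whatever main() does after `IPTABLES_fill_in_missing()` also runs as root; main() continues past the hunk, so a later drop may exist and should be confirmed. If only the iptables calls need root, the privileged window should be closed right after them, mirroring what this commit does at the front. The comment could state that intent, e.g. `/* Become root as late as possible; only the iptables calls below need it */`. In the `-300,10 +300,23` hunk the old call is parked under `#if 0` while `pager` and `rslt` are declared outside it with no use left in view; deleting the dead block and both variables is cleaner than disabling it. If `$PAGER` is still honoured elsewhere once the process is root, its value comes from the invoking user's environment and deserves the same scrutiny.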
||||||
|
|
|
@ -106,7 +106,6 @@ extern struct Global {
|
||||||
/* This should be set to adm */
|
/* This should be set to adm */
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
|
|
||||||
|
|
||||||
struct {
|
struct {
|
||||||
FILE *fh;
|
FILE *fh;
|
||||||
MAP AddrRPT_map;
|
MAP AddrRPT_map;
|
||||||
|
|