tpws : dropcaps

2025-05-01 19:32:59 +03:00 · 2019-05-19 15:37:05 +03:00 · 2019-05-19 15:37:05 +03:00 · 8b9d7f56d3
commit 8b9d7f56d3
parent 352f93ced2
10 changed files with 26 additions and 4 deletions
--- a/binaries/aarch64/tpws
+++ b/binaries/aarch64/tpws
--- a/binaries/armhf/tpws
+++ b/binaries/armhf/tpws
--- a/binaries/mips32r1-lsb/tpws
+++ b/binaries/mips32r1-lsb/tpws
--- a/binaries/mips32r1-msb/tpws
+++ b/binaries/mips32r1-msb/tpws
--- a/binaries/mips64r2-msb/tpws
+++ b/binaries/mips64r2-msb/tpws
--- a/binaries/ppc/tpws
+++ b/binaries/ppc/tpws
--- a/binaries/x86/tpws
+++ b/binaries/x86/tpws
--- a/binaries/x86_64/tpws
+++ b/binaries/x86_64/tpws
--- a/docs/compile/openwrt/package/zapret/tpws/Makefile
+++ b/docs/compile/openwrt/package/zapret/tpws/Makefile
@ -12,7 +12,7 @@ define Package/tpws
 	CATEGORY:=Network
 	TITLE:=tpws
 	SUBMENU:=Zapret
- 	DEPENDS:=+zlib
+ 	DEPENDS:=+zlib +libcap
 endef

 define Build/Prepare
--- a/tpws/tpws.c
+++ b/tpws/tpws.c
@ -23,6 +23,7 @@
 #include <getopt.h>
 #include <pwd.h>
 #include <signal.h>
+#include <sys/capability.h>

 #include "tpws.h"
 #include "tpws_conn.h"
@ -789,6 +790,26 @@ void daemonize()
 	/* stderror */
 }

+bool dropcaps()
+{
+	cap_t capabilities;
+
+	capabilities = cap_init();
+	if (cap_clear(capabilities))
+	{
+		perror("cap_init");
+		return false;
+	}
+	if (cap_set_proc(capabilities))
+	{
+		perror("cap_set_proc");
+		cap_free(capabilities);
+		return false;
+	}
+	cap_free(capabilities);
+	return true;
+}
+
 bool droproot()
 {
 	if (params.uid || params.gid)
@ -804,9 +825,10 @@ bool droproot()
 			return false;
 		}
 	}
-	return true;
+	return dropcaps();
 }

+
 bool writepid(const char *filename)
 {
 	FILE *F;