drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-24 22:32:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws,tpws: check accessibility of list files after droproot

Browse Source
This commit is contained in:
bol-van
2025-02-03 22:37:08 +03:00
parent 00619c8dab
commit bd67b41f32
3 changed files with 52 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
tpws/tpws.c
View File

@@ -116,6 +116,27 @@ static int8_t block_sigpipe(void)
return 0;
}
static bool test_list_files()
{
struct hostlist_file *hfile;
struct ipset_file *ifile;
LIST_FOREACH(hfile, &params.hostlists, next)
if (!file_mod_time(hfile->filename))
{
DLOG_PERROR("file_mod_time");
DLOG_ERR("cannot access hostlist file '%s'\n",hfile->filename);
return false;
}
LIST_FOREACH(ifile, &params.ipsets, next)
if (!file_mod_time(ifile->filename))
{
DLOG_PERROR("file_mod_time");
DLOG_ERR("cannot access ipset file '%s'\n",ifile->filename);
return false;
}
return true;
}
static bool is_interface_online(const char *ifname)
{
@@ -1918,10 +1939,12 @@ int main(int argc, char *argv[])
set_ulimit();
sec_harden();
if (params.droproot && !droproot(params.uid,params.gid))
goto exiterr;
print_id();
if (params.droproot && !test_list_files())
goto exiterr;
//splice() causes the process to receive the SIGPIPE-signal if one part (for
//example a socket) is closed during splice(). I would rather have splice()
//fail and return -1, so blocking SIGPIPE.