drygdryg/zapret
1
0
Fork 0
mirror of https://github.com/bol-van/zapret.git synced 2025-05-24 22:32:58 +03:00
Code Issues Packages Projects Releases Wiki Activity

nfqws,tpws: separate droproot from dropcaps

Browse Source
This commit is contained in:
bol-van
2025-03-13 21:54:28 +03:00
parent 2db1ebafe3
commit bd8decddc5
5 changed files with 8 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
nfq/nfqws.c
View File

@@ -293,7 +293,7 @@ static int nfq_main(void)
ssize_t rd;
sec_harden();
if (params.droproot && !droproot(params.uid, params.gid))
if (params.droproot && !droproot(params.uid, params.gid) || !dropcaps())
return 1;
print_id();
if (params.droproot && !test_list_files())

6
nfq/sec.c
View File

@@ -287,7 +287,7 @@ bool can_drop_root(void)
{
#ifdef __linux__
// has some caps
return checkpcap((1<<CAP_SETUID)|(1<<CAP_SETGID)|(1<<CAP_SETPCAP));
return checkpcap((1<<CAP_SETUID)|(1<<CAP_SETGID));
#else
// effective root
return !geteuid();
@@ -319,11 +319,7 @@ bool droproot(uid_t uid, gid_t gid)
DLOG_PERROR("setuid");
return false;
}
#ifdef __linux__
return dropcaps();
#else
return true;
#endif
}
void print_id(void)