Chroot the logger process into the icbd user home directory

2014-03-05 18:38:50 +01:00 · 2014-03-05 18:38:50 +01:00 · 1dd35547d8
commit 1dd35547d8
parent 4e66b3ae9b
1 changed files with 6 additions and 1 deletions
--- a/logger.c
+++ b/logger.c
@ -97,12 +97,17 @@ logger_init(void)
 	    LOGIN_SETALL & ~LOGIN_SETUSER) < 0)
 		exit(EX_NOPERM);

+	if (chroot(pw->pw_dir) < 0) {
+		syslog(LOG_ERR, "%s: %m", pw->pw_dir);
+		exit(EX_UNAVAILABLE);
+	}
+
 	if (setuid(pw->pw_uid) < 0) {
 		syslog(LOG_ERR, "%d: %m", pw->pw_uid);
 		exit(EX_NOPERM);
 	}

-	if (chdir(pw->pw_dir) < 0) {
+	if (chdir("/") < 0) {
 		syslog(LOG_ERR, "chdir: %m");
 		exit(EX_UNAVAILABLE);
 	}