diff options
| author |  Holger Weiss <holger@zedat.fu-berlin.de>
| 2014-06-18 23:22:12 +0200 |
|---|---|---|
| committer | Holger Weiss <holger@zedat.fu-berlin.de>
| 2014-06-18 23:22:12 +0200 |
| commit | 48025ff39c3a78b7805bf803ac96730cef53e15c (patch) | |
| tree | bbaf7c1147cf8077547bc47d5839a0e058f66765 | |
| parent | 2bf7647be60cd53d9e54fdcf970a90fe08797819 (diff) | |
| download | monitoring-plugins-48025ff39c3a78b7805bf803ac96730cef53e15c.tar.gz | |
lib/parse_ini.c: Drop privileges for reading file
Read the configuration file with privileges temporarily dropped if the
code is used by a setuid plugin.
| -rw-r--r-- | lib/parse_ini.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/parse_ini.c b/lib/parse_ini.c index 447bd454..86b94e7d 100644 --- a/lib/parse_ini.c +++ b/lib/parse_ini.c @@ -22,6 +22,7 @@ *****************************************************************************/ #include "common.h" +#include "idpriv.h" #include "utils_base.h" #include "parse_ini.h" @@ -118,6 +119,11 @@ np_get_defaults(const char *locator, const char *default_section) FILE *inifile = NULL; np_arg_list *defaults = NULL; np_ini_info i; + int is_suid_plugin = mp_suid(); + + if (is_suid_plugin && idpriv_temp_drop() == -1) + die(STATE_UNKNOWN, _("Cannot drop privileges: %s\n"), + strerror(errno)); parse_locator(locator, default_section, &i); inifile = strcmp(i.file, "-") == 0 ? stdin : fopen(i.file, "r"); @@ -133,6 +139,10 @@ np_get_defaults(const char *locator, const char *default_section) if (inifile != stdin) fclose(inifile); free(i.stanza); + if (is_suid_plugin && idpriv_temp_restore() == -1) + die(STATE_UNKNOWN, _("Cannot restore privileges: %s\n"), + strerror(errno)); + return defaults; } |