Greenbone Vulnerability Management Libraries
21.4.2
Privilege dropping header file.
#include <glib.h>
Macros

| Macro | Value | Description |
|---|---|---|
| GVM_DROP_PRIVILEGES | g_quark_from_static_string ("gvm-drop-privileges-error-quark") | The GQuark for privilege dropping errors. |
| GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET | -1 | Definition of the return code ERROR_ALREADY_SET. |
| GVM_DROP_PRIVILEGES_OK | 0 | Definition of the return code OK. |
| GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT | 1 | Definition of the return code FAIL_NOT_ROOT. |
| GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER | 2 | Definition of the return code FAIL_UNKNOWN_USER. |
| GVM_DROP_PRIVILEGES_FAIL_DROP_GID | 3 | Definition of the return code FAIL_DROP_GID. |
| GVM_DROP_PRIVILEGES_FAIL_DROP_UID | 4 | Definition of the return code FAIL_DROP_UID. |
| GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY | 5 | Definition of the return code FAIL_SUPPLEMENTARY. |

Functions

| Return type | Function | Description |
|---|---|---|
| int | drop_privileges (gchar *username, GError **error) | Drop privileges. |

Privilege dropping header file.
#define GVM_DROP_PRIVILEGES g_quark_from_static_string ("gvm-drop-privileges-error-quark")
The GQuark for privilege dropping errors.
#define GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET -1
Definition of the return code ERROR_ALREADY_SET.
#define GVM_DROP_PRIVILEGES_FAIL_DROP_GID 3
Definition of the return code FAIL_DROP_GID.
#define GVM_DROP_PRIVILEGES_FAIL_DROP_UID 4
Definition of the return code FAIL_DROP_UID.
#define GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT 1
Definition of the return code FAIL_NOT_ROOT.
#define GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY 5
Definition of the return code FAIL_SUPPLEMENTARY.
#define GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER 2
Definition of the return code FAIL_UNKNOWN_USER.
#define GVM_DROP_PRIVILEGES_OK 0
Definition of the return code OK.
int drop_privileges (gchar *username, GError **error)
Drop privileges.
We try to drop our (root) privileges and setuid to username to minimize the risk of privilege escalation. The current implementation is Linux-specific and may not work on other platforms.
[in] | username | The user to become. It is safe to pass "NULL", in which case it will default to "nobody". |
[out] | error | Return location for errors, or NULL if not interested in errors. |
error
otherwise and returns the error code.
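
An added example, not gvm-libs code: a self-contained C helper that drops root in the order supplementary groups, GID, UID, and reports failures with the numeric return codes listed on this page. The name `demo_drop_privileges`, the `DEMO_*` constants, the call order and the final regain check are assumptions; the page does not show how the library implements `drop_privileges`.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* exposes initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Local copies of the return code values documented on this page. */
enum {
  DEMO_OK = 0, DEMO_FAIL_NOT_ROOT = 1, DEMO_FAIL_UNKNOWN_USER = 2,
  DEMO_FAIL_DROP_GID = 3, DEMO_FAIL_DROP_UID = 4, DEMO_FAIL_SUPPLEMENTARY = 5
};

/* Hypothetical helper (not the library function): become `username`. */
int
demo_drop_privileges (const char *username)
{
  const struct passwd *pw;

  if (username == NULL)
    username = "nobody"; /* same default the page documents */
  if (geteuid () != 0)
    return DEMO_FAIL_NOT_ROOT;
  pw = getpwnam (username);
  if (pw == NULL)
    return DEMO_FAIL_UNKNOWN_USER;
  /* Order matters: changing groups needs root, so it precedes the UID. */
  if (initgroups (pw->pw_name, pw->pw_gid) != 0)
    return DEMO_FAIL_SUPPLEMENTARY;
  if (setgid (pw->pw_gid) != 0)
    return DEMO_FAIL_DROP_GID;
  if (setuid (pw->pw_uid) != 0)
    return DEMO_FAIL_DROP_UID;
  /* Confirm the drop is permanent: regaining root must now fail. */
  if (pw->pw_uid != 0 && (setuid (0) == 0 || geteuid () == 0))
    return DEMO_FAIL_DROP_UID;
  return DEMO_OK;
}

int
main (void)
{
  int rc = demo_drop_privileges (NULL);
  printf ("drop result: %d\n", rc);
  /* A daemon should exit on any non-zero code instead of staying root. */
  return rc == DEMO_OK ? 0 : 1;
}
```

Callers of the real `drop_privileges` should apply the same rule: treat every return value other than `GVM_DROP_PRIVILEGES_OK` as fatal before handling untrusted input.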