Greenbone Vulnerability Management Libraries 22.18.1
Privilege dropping header file.
#include <glib.h>
Macros | |
#define | GVM_DROP_PRIVILEGES g_quark_from_static_string ("gvm-drop-privileges-error-quark") |
The GQuark for privilege dropping errors. | |
#define | GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET -1 |
Definition of the return code ERROR_ALREADY_SET. | |
#define | GVM_DROP_PRIVILEGES_OK 0 |
Definition of the return code OK. | |
#define | GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT 1 |
Definition of the return code FAIL_NOT_ROOT. | |
#define | GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER 2 |
Definition of the return code FAIL_UNKNOWN_USER. | |
#define | GVM_DROP_PRIVILEGES_FAIL_DROP_GID 3 |
Definition of the return code FAIL_DROP_GID. | |
#define | GVM_DROP_PRIVILEGES_FAIL_DROP_UID 4 |
Definition of the return code FAIL_DROP_UID. | |
#define | GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY 5 |
Definition of the return code FAIL_SUPPLEMENTARY. | |
Functions | |
int | drop_privileges (gchar *username, GError **error) |
Drop privileges. | |
Privilege dropping header file.
#define GVM_DROP_PRIVILEGES g_quark_from_static_string ("gvm-drop-privileges-error-quark") |
The GQuark for privilege dropping errors.
#define GVM_DROP_PRIVILEGES_ERROR_ALREADY_SET -1 |
Definition of the return code ERROR_ALREADY_SET.
#define GVM_DROP_PRIVILEGES_FAIL_DROP_GID 3 |
Definition of the return code FAIL_DROP_GID.
#define GVM_DROP_PRIVILEGES_FAIL_DROP_UID 4 |
Definition of the return code FAIL_DROP_UID.
#define GVM_DROP_PRIVILEGES_FAIL_NOT_ROOT 1 |
Definition of the return code FAIL_NOT_ROOT.
#define GVM_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY 5 |
Definition of the return code FAIL_SUPPLEMENTARY.
#define GVM_DROP_PRIVILEGES_FAIL_UNKNOWN_USER 2 |
Definition of the return code FAIL_UNKNOWN_USER.
#define GVM_DROP_PRIVILEGES_OK 0 |
Definition of the return code OK.
int drop_privileges | ( | gchar * | username, |
GError ** | error ) |
Drop privileges.
We try to drop our (root) privileges and setuid to username to minimize the risk of privilege escalation. The current implementation is Linux-specific and may not work on other platforms.
[in] | username | The user to become. It is safe to pass NULL, in which case it will default to "nobody". |
[out] | error | Return location for errors or NULL if not interested in errors. |
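Returns GVM_DROP_PRIVILEGES_OK in case of success. Sets error otherwise and returns the error code. Any return value other than GVM_DROP_PRIVILEGES_OK means the process may still hold its original privileges, so callers should check the result and stop rather than continue with work that assumes an unprivileged process.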