#include <glib.h>
Go to the source code of this file.
#define OPENVAS_DROP_PRIVILEGES g_quark_from_static_string ("openvas-drop-privileges-error-quark") |
The GQuark for privilege dropping errors.
#define OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET -1 |
#define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_GID 3 |
#define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_UID 4 |
#define OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT 1 |
#define OPENVAS_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY 5 |
#define OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER 2 |
#define OPENVAS_DROP_PRIVILEGES_OK 0 |
int drop_privileges |
( |
gchar * |
username, |
|
|
GError ** |
error |
|
) |
| |
Naive attempt to drop privileges.
We try to drop our (root) privileges and setuid to
- Parameters
-
| username | to minimize the risk of privilege escalation. The current implementation is somewhat linux-specific and may not work on other platforms. |
[in] | username | The user to become. Its safe to pass "NULL", in which case it will default to "nobody". |
[out] | error | Return location for errors or NULL if not interested in errors. |
- Returns
- OPENVAS_DROP_PRIVILEGES_OK in case of success. Sets
- Parameters
-
error | otherwise and returns the error code. |