now with _rebound user, we can try a little harder at privdrop

diff --git a/usr.sbin/rebound/rebound.c b/usr.sbin/rebound/rebound.c
index b8495ff..2f9eee9 100644 (file)
--- a/usr.sbin/rebound/rebound.c
+++ b/usr.sbin/rebound/rebound.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rebound.c,v 1.5 2015/10/15 20:58:14 tedu Exp $ */
+/* $OpenBSD: rebound.c,v 1.6 2015/10/15 21:20:09 tedu Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -316,7 +316,10 @@ launch(const char *confname, int ud, int ld, int kq)
                        return child;
        }
 
-       pwd = getpwnam("nobody");
+       if (!(pwd = getpwnam("_rebound"))) {
+               logmsg(LOG_DAEMON | LOG_ERR, "getpwnam failed");
+               exit(1);
+       }
 
        if (chroot("/var/empty") || chdir("/")) {
                logmsg(LOG_DAEMON | LOG_ERR, "chroot failed (%d)", errno);
@@ -324,7 +327,12 @@ launch(const char *confname, int ud, int ld, int kq)
        }
 
        setproctitle("worker");
-       setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid);
+       if (setgroups(1, &pwd->pw_gid) ||
+           setresgid(pwd->pw_gid, pwd->pw_gid, pwd->pw_gid) ||
+           setresuid(pwd->pw_uid, pwd->pw_uid, pwd->pw_uid)) {
+               logmsg(LOG_DAEMON | LOG_ERR, "failed to privdrop");
+               exit(1);
+       }
 
        close(kq);