OLD | NEW |
(Empty) | |
| 1 // Copyright 2014 The Crashpad Authors. All rights reserved. |
| 2 // |
| 3 // Licensed under the Apache License, Version 2.0 (the "License"); |
| 4 // you may not use this file except in compliance with the License. |
| 5 // You may obtain a copy of the License at |
| 6 // |
| 7 // http://www.apache.org/licenses/LICENSE-2.0 |
| 8 // |
| 9 // Unless required by applicable law or agreed to in writing, software |
| 10 // distributed under the License is distributed on an "AS IS" BASIS, |
| 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 12 // See the License for the specific language governing permissions and |
| 13 // limitations under the License. |
| 14 |
| 15 #ifndef CRASHPAD_UTIL_POSIX_DROP_PRIVILEGES_H_ |
| 16 #define CRASHPAD_UTIL_POSIX_DROP_PRIVILEGES_H_ |
| 17 |
| 18 namespace crashpad { |
| 19 |
| 20 //! \brief Permanently drops privileges conferred by being a setuid or setgid |
| 21 //! executable. |
| 22 //! |
| 23 //! The effective user ID and saved set-user ID are set to the real user ID, |
| 24 //! negating any effects of being a setuid executable. The effective group ID |
| 25 //! and saved set-group ID are set to the real group ID, negating any effects of |
| 26 //! being a setgid executable. Because the saved set-user ID and saved set-group |
| 27 //! ID are reset, there is no way to restore the prior privileges, and the drop |
| 28 //! is permanent. |
| 29 //! |
| 30 //! This function drops privileges correctly when running setuid root and in |
| 31 //! other circumstances, including when running setuid non-root. If the program |
| 32 //! is not a setuid or setgid executable, this function has no effect. |
| 33 //! |
| 34 //! No changes are made to the supplementary group list, which is normally not |
| 35 //! altered for setuid or setgid executables. |
| 36 void DropPrivileges(); |
| 37 |
| 38 } // namespace crashpad |
| 39 |
| 40 #endif // CRASHPAD_UTIL_POSIX_DROP_PRIVILEGES_H_ |
OLD | NEW |