OpenVAS Libraries  9.0.1
Macros | Functions
drop_privileges.h File Reference
#include <glib.h>

Go to the source code of this file.

Macros

#define OPENVAS_DROP_PRIVILEGES   g_quark_from_static_string ("openvas-drop-privileges-error-quark")
 The GQuark for privilege dropping errors. More...
 
#define OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET   -1
 
#define OPENVAS_DROP_PRIVILEGES_OK   0
 
#define OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT   1
 
#define OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER   2
 
#define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_GID   3
 
#define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_UID   4
 
#define OPENVAS_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY   5
 

Functions

int drop_privileges (gchar *username, GError **error)
 Naive attempt to drop privileges. More...
 

Macro Definition Documentation

◆ OPENVAS_DROP_PRIVILEGES

#define OPENVAS_DROP_PRIVILEGES   g_quark_from_static_string ("openvas-drop-privileges-error-quark")

The GQuark for privilege dropping errors.

◆ OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET

#define OPENVAS_DROP_PRIVILEGES_ERROR_ALREADY_SET   -1

◆ OPENVAS_DROP_PRIVILEGES_FAIL_DROP_GID

#define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_GID   3

◆ OPENVAS_DROP_PRIVILEGES_FAIL_DROP_UID

#define OPENVAS_DROP_PRIVILEGES_FAIL_DROP_UID   4

◆ OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT

#define OPENVAS_DROP_PRIVILEGES_FAIL_NOT_ROOT   1

◆ OPENVAS_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY

#define OPENVAS_DROP_PRIVILEGES_FAIL_SUPPLEMENTARY   5

◆ OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER

#define OPENVAS_DROP_PRIVILEGES_FAIL_UNKNOWN_USER   2

◆ OPENVAS_DROP_PRIVILEGES_OK

#define OPENVAS_DROP_PRIVILEGES_OK   0

Function Documentation

◆ drop_privileges()

int drop_privileges ( gchar *  username,
GError **  error 
)

Naive attempt to drop privileges.

We try to drop our (root) privileges and setuid to

Parameters
usernameto minimize the risk of privilege escalation. The current implementation is somewhat linux-specific and may not work on other platforms.
[in]usernameThe user to become. Its safe to pass "NULL", in which case it will default to "nobody".
[out]errorReturn location for errors or NULL if not interested in errors.
Returns
OPENVAS_DROP_PRIVILEGES_OK in case of success. Sets
Parameters
errorotherwise and returns the error code.