Check for chroot() and setgroups()

roehling · Aug 6, 2023 · bb9073e · bb9073e
1 parent 6a0d194
commit bb9073e
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 1 deletion.
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -165,7 +165,9 @@ check_include_file(sys/wait.h HAVE_SYS_WAIT_H)
 check_include_file(syslog.h HAVE_SYSLOG_H)
 check_include_file(time.h HAVE_TIME_H)
 check_include_file(unistd.h HAVE_UNISTD_H)
+check_symbol_exists(chroot unistd.h HAVE_CHROOT)
 check_symbol_exists(close_range unistd.h HAVE_CLOSE_RANGE)
+check_symbol_exists(setgroups grp.h HAVE_SETGROUPS)
 check_symbol_exists(strcasecmp strings.h HAVE_STRCASECMP)
 check_symbol_exists(_stricmp string.h HAVE__STRICMP)
 check_symbol_exists(strncasecmp strings.h HAVE_STRNCASECMP)

diff --git a/src/main.c b/src/main.c
@@ -86,6 +86,7 @@ static bool drop_privileges(cfg_t* cfg)
     }
     if (chroot_dir && *chroot_dir)
     {
+#ifdef HAVE_CHROOT
         if (chdir(chroot_dir) < 0)
         {
             log_perror(errno,
@@ -97,10 +98,14 @@ static bool drop_privileges(cfg_t* cfg)
             log_perror(errno, "cannot drop privileges: chroot");
             return false;
         }
+#else
+        log_error("chroot is not supported on this system");
+        return false;
+#endif
     }
     if (target_uid != 0 || target_gid != 0)
     {
-#ifdef HAVE_GRP_H
+#ifdef HAVE_SETGROUPS
         if (setgroups(0, NULL) < 0)
         {
             log_perror(errno, "cannot drop privileges: setgroups");

diff --git a/src/postsrsd_build_config.h.in b/src/postsrsd_build_config.h.in
@@ -31,8 +31,10 @@
 #cmakedefine WITH_SQLITE 1
 
 #cmakedefine HAVE_BIG_ENDIAN 1
+#cmakedefine HAVE_CHROOT 1
 #cmakedefine HAVE_CLOSE_RANGE 1
 #cmakedefine HAVE_CLOSE_RANGE_GNU 1
+#cmakedefine HAVE_SETGROUPS 1
 #cmakedefine HAVE_STRCASECMP 1
 #cmakedefine HAVE__STRICMP 1
 #cmakedefine HAVE_STRNCASECMP 1