On Mon, Aug 18, 2008 at 12:11 AM, Philip Guenther <[EMAIL PROTECTED]> wrote:
> This question doesn't really have anything to do with OpenBSD.
Thanks, but I think it has to do with OpenBSD, because
the question is about implementation at this platform.
I'll try using following for now:
drop_root() if ($< == 0 or $> == 0);
# sudo useradd -g=uid -s/sbin/nologin -d/var/empty _myuser
sub drop_root {
my ($uid, $gid, $home) = (getpwnam('_myuser'))[2,3,7];
die 'User _myuser not found'
unless ($uid and $gid and -d $home);
chroot($home) or die "Can not chroot to $home: $!";
# try to set the real, effective and save uid
setgid($gid) or die "Can not set gid to $gid: $!";
setuid($uid) or die "Can not set uid to $uid: $!";
# try to regain privileges - this should fail
die 'Not able to drop privileges'
if (setuid(0) or setgid(0));
}
