blocxx

BLOCXX_NAMESPACE::Secure Namespace Reference

Enumerations

enum  EChildGroupAction { E_NO_EXTENDED_GROUPS = 0, E_SOURCE_EXTENDED_GROUPS }

Functions

BLOCXX_DEFINE_EXCEPTION (ProcessAbort)
void dropPrivilegesPermanently (::uid_t newuid, ::gid_t newgid, EChildGroupAction extendedGroupAction)
StringArray minimalEnvironment ()
void runAs (char const *username, EChildGroupAction extendedGroupAction=E_SOURCE_EXTENDED_GROUPS)
  Look up user ID and group ID for username in password file, chdir to "/", then drop privileges and run with that user ID and group ID.
BLOCXX_DECLARE_EXCEPTION (ProcessAbort)
  Secure::ProcessAbortException should be caught only at the top level of the program.
BLOCXX_COMMON_API void dropPrivilegesPermanently (uid_t newuid, gid_t newgid, EChildGroupAction extendedGroupAction)
  Changes both the effective and actual user ID to newuid, and the effective and actual group IDs to newgid, clearing out all of root's auxiliary groups.

Enumeration Type Documentation

enum BLOCXX_NAMESPACE::Secure::EChildGroupAction

Enumerator:
E_NO_EXTENDED_GROUPS
E_SOURCE_EXTENDED_GROUPS

Definition at line 48 of file Secure.hpp.


Function Documentation

BLOCXX_NAMESPACE::Secure::BLOCXX_DECLARE_EXCEPTION (ProcessAbort)

Secure::ProcessAbortException should be caught only at the top level of the program.

The process should then exit after optionally writing an error message somewhere.

BLOCXX_NAMESPACE::Secure::BLOCXX_DEFINE_EXCEPTION (ProcessAbort)

void BLOCXX_NAMESPACE::Secure::dropPrivilegesPermanently (::uid_t newuid, ::gid_t newgid, EChildGroupAction extendedGroupAction)

Definition at line 137 of file Secure.cpp.

References ABORT_ERRNO_IF, ABORT_IF, and E_SOURCE_EXTENDED_GROUPS.

Referenced by runAs().

BLOCXX_COMMON_API void BLOCXX_NAMESPACE::Secure::dropPrivilegesPermanently (uid_t newuid, gid_t newgid, EChildGroupAction extendedGroupAction)

Changes both the effective and actual user ID to newuid, and the effective and actual group IDs to newgid, clearing out all of root's auxiliary groups.

If newuid == -1, the actual (real) user ID is kept. If newgid == -1, the actual (real) group ID is kept.

The extendedGroupAction parameter controls whether or not the new user's auxiliary groups are sourced.

Precondition:
Currently running as root (both uid and euid).

BLOCXX_COMMON_API StringArray BLOCXX_NAMESPACE::Secure::minimalEnvironment ()

Returns:
A minimal environment appropriate for the platform.

Definition at line 360 of file Secure.cpp.

BLOCXX_COMMON_API void BLOCXX_NAMESPACE::Secure::runAs (char const *username, EChildGroupAction extendedGroupAction = E_SOURCE_EXTENDED_GROUPS)

Look up user ID and group ID for username in password file, chdir to "/", then drop privileges and run with that user ID and group ID.

The extendedGroupAction parameter determines whether or not the child process's extended groups get initialized, or if it only runs with its primary group.

Precondition:
Currently running as root (both uid and euid).

Definition at line 365 of file Secure.cpp.

References ABORT_ERRNO_IF, ABORT_IF, and dropPrivilegesPermanently().
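An added example, not blocxx's own code, of the procedure that dropPrivilegesPermanently() and runAs() document: clear or re-initialise the supplementary groups, set the gid, then the uid, and verify the drop held before trusting it. The function names mirror the API above but are my own; failIf, resolveUid, resolveGid and idsMatch are assumed helpers.

```cpp
#include <cerrno>
#include <cstring>
#include <stdexcept>
#include <string>
#include <grp.h>
#include <pwd.h>
#include <unistd.h>

// Hypothetical re-creation of the blocxx enumeration described above.
enum EChildGroupAction { E_NO_EXTENDED_GROUPS = 0, E_SOURCE_EXTENDED_GROUPS };

static void failIf(bool cond, const char* what) {
    if (cond) throw std::runtime_error(std::string(what) + ": " + std::strerror(errno));
}

// A value of -1 means "keep the current real id", as the documentation states.
uid_t resolveUid(uid_t u) { return u == static_cast<uid_t>(-1) ? getuid() : u; }
gid_t resolveGid(gid_t g) { return g == static_cast<gid_t>(-1) ? getgid() : g; }

// True when both the real and the effective ids equal the expected values.
bool idsMatch(uid_t uid, gid_t gid) {
    return getuid() == uid && geteuid() == uid && getgid() == gid && getegid() == gid;
}

// Order matters: supplementary groups first (needs root), then gid, then uid,
// because setuid() to a non-root id is the step that gives root away.
void dropPrivilegesPermanently(uid_t newuid, gid_t newgid, EChildGroupAction action,
                               const char* username = nullptr) {
    failIf(getuid() != 0 || geteuid() != 0, "precondition: must run as root");
    newuid = resolveUid(newuid);
    newgid = resolveGid(newgid);
    if (action == E_SOURCE_EXTENDED_GROUPS && username != nullptr)
        failIf(initgroups(username, newgid) != 0, "initgroups"); // new user's groups
    else
        failIf(setgroups(0, nullptr) != 0, "setgroups");         // clear root's groups
    failIf(setgid(newgid) != 0, "setgid");
    failIf(setuid(newuid) != 0, "setuid");
    // Confirm the drop took effect and cannot be reversed.
    failIf(!idsMatch(newuid, newgid), "ids did not change");
    if (newuid != 0) failIf(setuid(0) == 0, "root privileges could be regained");
}

// Look up username, chdir to "/", then drop to that user, as runAs() describes.
void runAs(const char* username, EChildGroupAction action = E_SOURCE_EXTENDED_GROUPS) {
    errno = 0;
    struct passwd* pw = getpwnam(username);
    failIf(pw == nullptr, "getpwnam");
    failIf(chdir("/") != 0, "chdir");
    dropPrivilegesPermanently(pw->pw_uid, pw->pw_gid, action, username);
}
```

Any failure throws instead of continuing, matching the page's note that a ProcessAbort should only be handled at the top level and then exit.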