nfqws,tpws: check list files accessibility with dropped privs in --dry-run mode

2 months ago · fd698d801b
3 changed files with 27 additions and 0 deletions
--- a/docs/changes.txt
+++ b/docs/changes.txt
@ -506,5 +506,6 @@ blockcheck: report test function and domain every test
 v71.1

 nfqws,tpws: much faster ipset implementation. move from hash to avl tree
+nfqws,tpws: check list files accessibility with dropped privs in --dry-run mode
 install_easy: stop if running embedded release on traditional linux system (some files missing)
 install_bin: add "read elf" arch detection method
--- a/nfq/nfqws.c
+++ b/nfq/nfqws.c
@ -3094,6 +3094,20 @@ int main(int argc, char **argv)

 	if (bDry)
 	{
+#ifndef __CYGWIN__
+		if (params.droproot)
+		{
+			if (!droproot(params.uid,params.gid,params.gid_count))
+				exit_clean(1);
+#ifdef __linux__
+			if (!dropcaps())
+				exit_clean(1);
+#endif
+			print_id();
+			if (!test_list_files())
+				exit_clean(1);
+		}
+#endif
 		DLOG_CONDUP("command line parameters verified\n");
 		exit_clean(0);
 	}
--- a/tpws/tpws.c
+++ b/tpws/tpws.c
@ -1715,6 +1715,18 @@ void parse_params(int argc, char *argv[])
 #endif
 	if (bDry)
 	{
+		if (params.droproot)
+		{
+			if (!droproot(params.uid,params.gid,params.gid_count))
+				exit_clean(1);
+#ifdef __linux__
+			if (!dropcaps())
+				exit_clean(1);
+#endif
+			print_id();
+			if (!test_list_files())
+				exit_clean(1);
+		}
 		DLOG_CONDUP("command line parameters verified\n");
 		exit_clean(0);
 	}