[monitoring-plugins] lib/parse_ini.c: Drop privileges for reading file

Holger Weiss git at monitoring-plugins.org
Wed Jun 18 23:30:09 CEST 2014


 Module: monitoring-plugins
 Branch: master
 Commit: 48025ff39c3a78b7805bf803ac96730cef53e15c
 Author: Holger Weiss <holger at zedat.fu-berlin.de>
   Date: Wed Jun 18 23:22:12 2014 +0200
    URL: https://www.monitoring-plugins.org/repositories/monitoring-plugins/commit/?id=48025ff

lib/parse_ini.c: Drop privileges for reading file

Read the configuration file with privileges temporarily dropped if the
code is used by a setuid plugin.

---

 lib/parse_ini.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/parse_ini.c b/lib/parse_ini.c
index 447bd45..86b94e7 100644
--- a/lib/parse_ini.c
+++ b/lib/parse_ini.c
@@ -22,6 +22,7 @@
 *****************************************************************************/
 
 #include "common.h"
+#include "idpriv.h"
 #include "utils_base.h"
 #include "parse_ini.h"
 
@@ -118,6 +119,11 @@ np_get_defaults(const char *locator, const char *default_section)
 	FILE *inifile = NULL;
 	np_arg_list *defaults = NULL;
 	np_ini_info i;
+	int is_suid_plugin = mp_suid();
+
+	if (is_suid_plugin && idpriv_temp_drop() == -1)
+		die(STATE_UNKNOWN, _("Cannot drop privileges: %s\n"),
+		    strerror(errno));
 
 	parse_locator(locator, default_section, &i);
 	inifile = strcmp(i.file, "-") == 0 ? stdin : fopen(i.file, "r");
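Review bot: The new block after `np_ini_info i;` has no comment stating what the temporary drop is meant to guarantee, so a later reader could mistake it for a containment boundary. I would add above `int is_suid_plugin = mp_suid();` a comment such as `/* Open and parse the file with the invoking user's IDs so that a setuid plugin applies that user's file permissions; the drop is temporary and is undone before returning. */`. If `idpriv_temp_drop()` is the gnulib helper, it leaves the privileged IDs recoverable, so a flaw in the parser would presumably still run in a process that can regain them. np_get_defaults starts before this hunk and continues past it.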
@@ -133,6 +139,10 @@ np_get_defaults(const char *locator, const char *default_section)
 	if (inifile != stdin)
 		fclose(inifile);
 	free(i.stanza);
+	if (is_suid_plugin && idpriv_temp_restore() == -1)
+		die(STATE_UNKNOWN, _("Cannot restore privileges: %s\n"),
+		    strerror(errno));
+
 	return defaults;
 }
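Review bot: The restore added before `return defaults;` covers only the normal exit, and the lines between the `fopen()` call and `free(i.stanza)` fall outside both hunks, so it is worth confirming that every failure path there ends in `die()` rather than a `return`. A path that returned early would hand control back to a setuid plugin with its privileges still dropped, and whatever the plugin later needs them for would fail in a way that is hard to trace to this function. If such a path exists, routing it through a single exit label that performs the `idpriv_temp_restore()` check would keep the drop and the restore paired.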
 


