Changed user for security

Makefile

@@ -13,7 +13,9 @@ work/%.o: src/%.c $(wildcard src/include/*.h)
 	$(CC) $(CFLAGS) $< -c -o $@
 
 install: build/$(OUT)
+	useradd -M swebs
 	cp build/$(OUT) $(INSTALLDIR)/$(OUT)
 
 uninstall: $(INSTALLDIR)/$(OUT)
+	userdel swebs
 	rm $(INSTALLDIR)/$(OUT)

example/logs

@@ -1,287 +0,0 @@
-[2022-01-30T17:15:55Z] swebs started
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:58Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:15:59Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:00Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:01Z] Accepting a stream failed
-[2022-01-30T17:16:04Z] Accepting a stream failed
-[2022-01-30T17:16:16Z] Accepting a stream failed
-[2022-01-30T17:22:52Z] swebs started
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:22:56Z] Accepting a stream failed
-[2022-01-30T17:23:02Z] Accepting a stream failed
-[2022-01-30T17:38:41Z] swebs started
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:46Z] Accepting a stream failed
-[2022-01-30T17:38:48Z] Accepting a stream failed
-[2022-01-30T17:39:19Z] swebs started
-[2022-01-30T17:39:19Z] Accepting a stream failed
-[2022-01-30T17:39:45Z] swebs started
-[2022-01-30T17:42:25Z] swebs started
-[2022-01-30T17:43:31Z] swebs started
-[2022-01-30T17:46:31Z] swebs started
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:46Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:46:52Z] Accepting a stream failed
-[2022-01-30T17:47:55Z] swebs started
-[2022-01-30T18:00:18Z] swebs started
-[2022-01-30T18:00:47Z] swebs started
-[2022-01-30T18:01:18Z] swebs started
-[2022-01-30T18:02:49Z] swebs started
-[2022-01-30T18:03:30Z] swebs started
-[2022-01-30T18:03:43Z] swebs started
-[2022-01-30T18:05:01Z] swebs started
-[2022-01-30T18:05:37Z] swebs started
-[2022-01-30T18:05:53Z] swebs started
-[2022-01-30T18:06:10Z] swebs started
-[2022-01-30T18:06:27Z] swebs started
-[2022-01-30T18:11:39Z] swebs started
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:44Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:46Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:47Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:48Z] Accepting a stream failed
-[2022-01-30T18:11:55Z] swebs started
-[2022-01-30T18:12:05Z] Accepting a stream failed
-[2022-01-30T18:12:15Z] swebs started
-[2022-01-30T18:13:00Z] swebs started
-[2022-01-30T18:13:37Z] swebs started
-[2022-01-30T18:13:46Z] swebs started
-[2022-01-30T18:15:42Z] swebs started
-[2022-01-30T18:15:56Z] swebs started
-[2022-01-30T18:16:10Z] swebs started
-[2022-01-30T18:17:19Z] swebs started
-[2022-01-30T18:17:35Z] swebs started
-[2022-01-30T18:18:41Z] swebs started
-[2022-01-30T18:19:01Z] swebs started
-[2022-01-30T18:19:14Z] swebs started
-[2022-01-30T18:20:30Z] swebs started
-[2022-01-30T18:21:20Z] swebs started
-[2022-01-30T18:23:10Z] swebs started
-[2022-01-30T18:24:01Z] swebs started
-[2022-01-30T18:25:19Z] swebs started
-[2022-01-30T18:25:39Z] swebs started
-[2022-01-30T18:26:13Z] swebs started
-[2022-01-30T18:27:14Z] swebs started
-[2022-01-30T18:27:30Z] swebs started
-[2022-01-30T18:27:59Z] swebs started
-[2022-01-30T18:28:03Z] swebs started
-[2022-01-30T18:30:10Z] swebs started
-[2022-01-30T18:30:17Z] swebs started
-[2022-01-30T18:32:21Z] swebs started
-[2022-01-30T18:32:24Z] swebs started
-[2022-01-30T18:32:54Z] swebs started
-[2022-01-30T18:32:59Z] swebs started
-[2022-01-30T18:33:18Z] swebs started
-[2022-01-30T18:33:28Z] swebs started
-[2022-01-30T18:34:35Z] swebs started
-[2022-01-30T18:35:17Z] swebs started
-[2022-01-30T18:35:30Z] swebs started
-[2022-01-30T18:37:09Z] swebs started
-[2022-01-30T18:37:40Z] swebs started
-[2022-01-30T18:38:20Z] swebs started
-[2022-01-30T18:38:49Z] swebs started
-[2022-01-30T18:38:54Z] swebs started

src/main.c

@@ -22,9 +22,11 @@
 #include <assert.h>
 #include <stdint.h>
 
+#include <pwd.h>
 #include <fcntl.h>
 #include <unistd.h>
 #include <pthread.h>
+#include <sys/types.h>
 
 #include <util.h>
 #include <runner.h>
@@ -90,7 +92,6 @@ int main(int argc, char **argv) {
 		}
 	}
 
-
 	if (sitefile == NULL) {
 		fprintf(stderr, "No sitefile configured\n");
 		exit(EXIT_FAILURE);
@@ -122,6 +123,24 @@ int main(int argc, char **argv) {
 		exit(EXIT_FAILURE);
 	}
 
+	{
+		struct passwd *swebs = getpwnam("swebs");
+		if (swebs == NULL)
+			createLog("Couldn't find swebs user");
+		else
+			if (seteuid(swebs->pw_uid))
+				createLog("seteuid() failed");
+		struct passwd *root = getpwnam("root");
+		if (root == NULL) {
+			createLog("Couldn't find root user, quitting");
+			exit(EXIT_FAILURE);
+		}
+		if (geteuid() == root->pw_uid) {
+			createLog("swebs should not be run as root");
+			exit(EXIT_FAILURE);
+		}
+	}
+
 	int *pending = calloc(processes - 1, sizeof(int));
 	int (*notify)[2] = malloc(sizeof(int[2]) * (processes - 1));
 	pthread_t *threads = malloc(sizeof(pthread_t) * (processes - 1));