From d11eb8976886ef86ea6bfa61855af728f7dd3b97 Mon Sep 17 00:00:00 2001
From: Alex Halderman <jhalderm@eecs.umich.edu>
Date: Fri, 30 Aug 2013 14:48:56 -0400
Subject: [PATCH] Drop privileges after starting threads

---
 src/zmap.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/zmap.c b/src/zmap.c
index cafb7a2..abc2153 100644
--- a/src/zmap.c
+++ b/src/zmap.c
@@ -16,10 +16,12 @@
 #include <sched.h>
 #include <errno.h>
 
+#include <pwd.h>
 #include <net/if.h>
 #include <sys/socket.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
+#include <sys/types.h>
 
 #include <pcap/pcap.h>
 
@@ -106,6 +108,17 @@ static void* start_recv(__attribute__((unused)) void *arg)
 	return NULL;
 }
 
+static void drop_privs()
+{
+	struct passwd *pw;
+	if ((pw = getpwnam("nobody")) != NULL) {
+		if (setuid(pw->pw_uid) == 0) {
+			return; // success
+		}
+	}
+	log_fatal("zmap", "Couldn't change UID to 'nobody'");		
+}
+
 static void *start_mon(__attribute__((unused)) void *arg)
 {
 	set_cpu();
@@ -261,6 +274,8 @@ static void start_zmap(void)
 		}
 	}
 
+	drop_privs();
+
 	// wait for completion
 	for (int i=0; i < zconf.senders; i++) {
 		int r = pthread_join(tsend[i], NULL);