From 7f3ce5c27502a845289daa8daf2497e67ff39af6 Mon Sep 17 00:00:00 2001
From: Markus Uhlin <markus@nifty-networks.net>
Date: Sun, 9 Nov 2025 00:54:45 +0100
Subject: Require root privileges if the FICS prefix compares to anything else
 than '/home'

---
 FICS/makerank.c | 11 +++++++++++
 1 file changed, 11 insertions(+)

(limited to 'FICS/makerank.c')

diff --git a/FICS/makerank.c b/FICS/makerank.c
index aa92ae0..e50886a 100644
--- a/FICS/makerank.c
+++ b/FICS/makerank.c
@@ -15,6 +15,7 @@
 #include "common.h"
 #include "ficsmain.h"
 #include "makerank.h"
+#include "prep_dir_for_privdrop.h"
 #include "utils.h"
 
 static ENTRY	**list;
@@ -340,6 +341,16 @@ main(int argc, char **argv)
 		return EXIT_FAILURE;
 	}
 
+	if (strncmp(FICS_PREFIX, "/home", 5) == 0) {
+		if (is_super_user())
+			errx(1, "Do not run as root");
+	} else {
+		if (!is_super_user())
+			errx(1, "Need root privileges");
+		else if (drop_root_privileges(FICS_PREFIX) == -1)
+			errx(1, "Privdrop failed");
+	}
+
 	makerank();
 	return EXIT_SUCCESS;
 }
-- 
cgit v1.2.3