From 5aae91763ac5e4c01d3fa16461c0b64556cd79ef Mon Sep 17 00:00:00 2001
From: kjothi774
Date: Thu, 2 Apr 2020 03:03:12 +0000
Subject: [PATCH] To drop root privilege for parodus process
---
 CHANGELOG.md | 1 +
 src/CMakeLists.txt | 2 +-
 src/main.c | 2 ++
 src/privilege.c | 6 ++++++
 src/privilege.h | 1 +
 5 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 src/privilege.c
 create mode 100644 src/privilege.h
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 9e3224f..afd2e05 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -79,6 +79,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Security
 - Added command line arguments for secure token read and acquire. Token presented to cloud for authentication verification.
+- Included chnages to drop root capabilities for parodus process
 ## [1.0.0] - 2017-11-17
 ### Added
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 0029f70..aa3f66c 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -15,7 +15,7 @@ set(SOURCES main.c mutex.c networking.c nopoll_helpers.c heartBeat.c nopoll_hand
 ParodusInternal.c string_helpers.c time.c config.c conn_interface.c connection.c spin_thread.c client_list.c service_alive.c upstream.c downstream.c thread_tasks.c partners_check.c token.c event_handler.c
- crud_interface.c crud_tasks.c crud_internal.c close_retry.c auth_token.c)
+ crud_interface.c crud_tasks.c crud_internal.c close_retry.c auth_token.c privilege.c)
 if (ENABLE_SESHAT)
 set(SOURCES ${SOURCES} seshat_interface.c)
diff --git a/src/main.c b/src/main.c
index fbf92f4..85c3010 100644
--- a/src/main.c
+++ b/src/main.c
@@ -27,6 +27,7 @@
 #include "breakpad_wrapper.h"
 #endif
 #include "signal.h"
+#include "privilege.h"
 /*----------------------------------------------------------------------------*/
 /* Macros */
@@ -104,6 +105,7 @@ int main( int argc, char **argv)
 memset(cfg,0,sizeof(ParodusCfg));
 ParodusInfo("********** Starting component: Parodus **********\n ");
+ drop_root_privilege();
 setDefaultValuesToCfg(cfg);
 if (0 != parseCommandLine(argc,argv,cfg)) {
 abort();
diff --git a/src/privilege.c b/src/privilege.c
new file mode 100644
index 0000000..d14d6c7
--- /dev/null
+++ b/src/privilege.c
@@ -0,0 +1,6 @@
+#include "privilege.h"
+
+void drop_root_privilege()
+{
+
+}
diff --git a/src/privilege.h b/src/privilege.h
new file mode 100644
index 0000000..2654a3e
--- /dev/null
+++ b/src/privilege.h
@@ -0,0 +1 @@
+void drop_root_privilege();
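Review bot: In src/main.c the new `drop_root_privilege();` call in main() cannot report failure, because the function is declared `void`, so a drop that does not succeed would leave parodus running as root with no signal to the caller or the log. Have the function return a status and fail closed in the same style as the parseCommandLine check just below it: `if (0 != drop_root_privilege()) { abort(); }`. The call also sits before `parseCommandLine`, so the drop cannot depend on any command-line setting, and any later start-up step that still needs root would have to run ahead of it; a one-line comment at the call site stating that ordering assumption would help. main()'s body continues outside the hunk.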
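Review bot: `drop_root_privilege()` in src/privilege.c has an empty body, so after this commit the process keeps every privilege it started with, while the subject line and the CHANGELOG entry both state that root privileges are dropped. If the real implementation is meant to be supplied per platform (not visible in this patch), say so in the file with a comment such as `/* Placeholder: drops nothing; platform builds are expected to replace this. */` and word the CHANGELOG entry to match. When the body is filled in, check the result of every call that changes identity or capabilities and treat any failure as fatal, so the daemon never continues in a partially privileged state.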
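Review bot: src/privilege.h has no include guard and declares the function with an empty parameter list, which in C before C23 means "unspecified arguments" rather than "no arguments", so a mistaken call with arguments would not be diagnosed. Wrap the header in a guard (`#ifndef PRIVILEGE_H`, `#define PRIVILEGE_H`, `#endif`) and declare `void drop_root_privilege(void);`, with the matching change to the definition in src/privilege.c. A short comment above the prototype stating what the function is expected to drop and at what point in start-up it must be called would document the contract for other callers.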