Drop privs when possible

ethertype-dump.c

@@ -1,3 +1,4 @@
+#define _GNU_SOURCE
 #include <arpa/inet.h>
 #include <assert.h>
 #include <err.h>
@@ -30,6 +31,20 @@ void format_mac(const unsigned char binary_address[6], char formatted[18]) {
 	formatted[17] = '\0';
 }
 
+void drop_privileges(void) {
+	uid_t uid = getuid();
+	gid_t gid = getgid();
+
+	errno = 0;
+	if (setresgid(gid, gid, gid) == -1) {
+		err(1, "setresgid");
+	}
+	errno = 0;
+	if (setresuid(uid, uid, uid) == -1) {
+		err(1, "setresuid");
+	}
+}
+
 int main(int argc, char **argv) {
 	if (argc != 2) {
 		fprintf(stderr, "Usage: %s interface\n", argv[0]);
@@ -43,6 +58,9 @@ int main(int argc, char **argv) {
 		err(1, "socket");
 	}
 
+	// Only creating the socket requires root privs
+	drop_privileges();
+
 	// Find the index of the network interface
 	struct ifreq ifr;
 	strncpy(ifr.ifr_name, argv[1], IFNAMSIZ);