From fd698d801bec5f973a3bb6376da75ceee3ac1900 Mon Sep 17 00:00:00 2001
From: bol-van
Date: Thu, 29 May 2025 15:43:27 +0300
Subject: [PATCH] nfqws,tpws: check list files accessibility with dropped privs in --dry-run mode
---
 docs/changes.txt | 1 +
 nfq/nfqws.c | 14 ++++++++++++++
 tpws/tpws.c | 12 ++++++++++++
 3 files changed, 27 insertions(+)
diff --git a/docs/changes.txt b/docs/changes.txt
index b9939c62..3b04486a 100644
--- a/docs/changes.txt
+++ b/docs/changes.txt
@@ -506,5 +506,6 @@ blockcheck: report test function and domain every test
 v71.1
 nfqws,tpws: much faster ipset implementation. move from hash to avl tree
+nfqws,tpws: check list files accessibility with dropped privs in --dry-run mode
 install_easy: stop if running embedded release on traditional linux system (some files missing)
 install_bin: add "read elf" arch detection method
diff --git a/nfq/nfqws.c b/nfq/nfqws.c
index 32736fe0..d3426038 100644
--- a/nfq/nfqws.c
+++ b/nfq/nfqws.c
@@ -3094,6 +3094,20 @@ int main(int argc, char **argv)
 if (bDry)
 {
+#ifndef __CYGWIN__
+ if (params.droproot)
+ {
+ if (!droproot(params.uid,params.gid,params.gid_count))
+ exit_clean(1);
+#ifdef __linux__
+ if (!dropcaps())
+ exit_clean(1);
+#endif
+ print_id();
+ if (!test_list_files())
+ exit_clean(1);
+ }
+#endif
 DLOG_CONDUP("command line parameters verified\n");
 exit_clean(0);
 }
diff --git a/tpws/tpws.c b/tpws/tpws.c
index baacc28e..f1712bc8 100644
--- a/tpws/tpws.c
+++ b/tpws/tpws.c
@@ -1715,6 +1715,18 @@ void parse_params(int argc, char *argv[])
 #endif
 if (bDry)
 {
+ if (params.droproot)
+ {
+ if (!droproot(params.uid,params.gid,params.gid_count))
+ exit_clean(1);
+#ifdef __linux__
+ if (!dropcaps())
+ exit_clean(1);
+#endif
+ print_id();
+ if (!test_list_files())
+ exit_clean(1);
+ }
 DLOG_CONDUP("command line parameters verified\n");
 exit_clean(0);
 }
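Review bot: The dry-run block repeats the droproot()/dropcaps() sequence by hand, here and again in the tpws/tpws.c hunk, so the list-file check is only representative while it matches what the normal startup path does, and that path is outside this patch. If startup later gains another restriction, --dry-run would still print "command line parameters verified" for list files the running daemon cannot open. Consider moving the sequence into one helper shared with the startup path, or at least adding a comment such as `// must mirror the privilege drop done at normal startup, otherwise the list check is not representative`. With params.droproot unset the whole block is skipped and test_list_files() is never called, which deserves a line in the --dry-run help text. main() starts and ends outside the hunk.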
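Review bot: Per the hunk header this block sits in parse_params(), so an argument-parsing function now changes the process's uid/gid and capabilities; that is harmless only because every branch ends in exit_clean(). A short comment above `if (params.droproot)` would keep that invariant visible, e.g. `// dry-run only: ids and caps are dropped irreversibly here, the process exits right below`. Whether a --dry-run started by a non-root user with droproot set still passes depends on droproot(), which is not shown; if it fails there, exit code 1 will not point at a list file problem. parse_params() starts and ends outside the hunk.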