Drop setuid ASAP, to minimize code executed as root.
Reviewed by: pst
This commit is contained in:
Bill Fenner
parent
a3ec9ca226
commit
f1284d7a51
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=17474
@ -154,13 +154,26 @@ main(argc, argv)
|
||||
struct protoent *proto;
|
||||
struct termios ts;
|
||||
register int i;
|
||||
int ch, fdmask, hold, packlen, preload;
|
||||
int ch, fdmask, hold, packlen, preload, sockerrno;
|
||||
u_char *datap, *packet;
|
||||
char *target, hnamebuf[MAXHOSTNAMELEN], *malloc();
|
||||
#ifdef IP_OPTIONS
|
||||
char rspace[3 + 4 * NROUTES + 1]; /* record route space */
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Do the stuff that we need root priv's for *first*, and
|
||||
* then drop our setuid bit. Save error reporting for
|
||||
* after arg parsing.
|
||||
*/
|
||||
proto = getprotobyname("icmp");
|
||||
if (proto) {
|
||||
s = socket(AF_INET, SOCK_RAW, proto->p_proto);
|
||||
sockerrno = errno;
|
||||
}
|
||||
|
||||
setuid(getuid());
|
||||
|
||||
preload = 0;
|
||||
if (tcgetattr (0, &ts) != -1) {
|
||||
reset_kerninfo = !(ts.c_lflag & NOKERNINFO);
|
||||
@ -288,11 +301,12 @@ main(argc, argv)
|
||||
|
||||
ident = getpid() & 0xFFFF;
|
||||
|
||||
if (!(proto = getprotobyname("icmp"))) {
|
||||
if (!proto) {
|
||||
(void)fprintf(stderr, "ping: unknown protocol icmp.\n");
|
||||
exit(1);
|
||||
}
|
||||
if ((s = socket(AF_INET, SOCK_RAW, proto->p_proto)) < 0) {
|
||||
if (s < 0) {
|
||||
errno = sockerrno;
|
||||
perror("ping: socket");
|
||||
exit(1);
|
||||
}
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
#ifndef lint
|
||||
static char *rcsid =
|
||||
"@(#)$Header: traceroute.c,v 1.27 95/10/18 00:17:06 leres Exp $ (LBL)";
|
||||
"@(#)$Header: /home/ncvs/src/usr.sbin/traceroute/traceroute.c,v 1.5 1996/03/13 08:04:29 pst Exp $ (LBL)";
|
||||
#endif
|
||||
|
||||
/*
|
||||
@ -294,6 +294,20 @@ main(int argc, char **argv)
|
||||
int lsrr = 0;
|
||||
u_long gw;
|
||||
u_char optlist[MAX_IPOPTLEN], *oix;
|
||||
int sockerrno;
|
||||
|
||||
/*
|
||||
* Do the setuid-required stuff first, then lose priveleges ASAP.
|
||||
* Do error checking for these two calls where they appeared in
|
||||
* the original code.
|
||||
*/
|
||||
pe = getprotobyname("icmp");
|
||||
if (pe) {
|
||||
s = socket(AF_INET, SOCK_RAW, pe->p_proto);
|
||||
sockerrno = errno;
|
||||
}
|
||||
|
||||
setuid(getuid());
|
||||
|
||||
oix = optlist;
|
||||
bzero(optlist, sizeof(optlist));
|
||||
@ -446,11 +460,12 @@ main(int argc, char **argv)
|
||||
|
||||
ident = (getpid() & 0xffff) | 0x8000;
|
||||
|
||||
if ((pe = getprotobyname("icmp")) == NULL) {
|
||||
if (pe == NULL) {
|
||||
Fprintf(stderr, "icmp: unknown protocol\n");
|
||||
exit(10);
|
||||
}
|
||||
if ((s = socket(AF_INET, SOCK_RAW, pe->p_proto)) < 0) {
|
||||
if (s < 0) {
|
||||
errno = sockerrno;
|
||||
perror("traceroute: icmp socket");
|
||||
exit(5);
|
||||
}
|
||||
|
||||
Loading…
Reference in New Issue
Block a user