Security fixes. (Just same as sbin/ping and usr.sbin/traceroute)

-Open socket() at first and then setuid() to actual user.
  -Allow ping6 preload option only for root.

Approved by: jkh

Submitted by: Neil Blakey-Milner <nbm@mithrandr.moria.org>

sbin/ping6/ping6.c

@@ -269,6 +269,10 @@ main(argc, argv)
 	memset(&smsghdr, 0, sizeof(&smsghdr));
 	memset(&smsgiov, 0, sizeof(&smsgiov));
 
+	if ((s = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0)
+		err(1, "socket");
+	setuid(getuid());
+
 	preload = 0;
 	datap = &outpack[ICMP6ECHOLEN + ICMP6ECHOTMLEN];
 #ifndef IPSEC
@@ -356,6 +360,10 @@ main(argc, argv)
 			options |= F_INTERVAL;
 			break;
 		case 'l':
+			if (getuid()) {
+				errno = EPERM;
+				errx(1, "Must be superuser to preload");
+			}
 			preload = strtol(optarg, &e, 10);
 			if (preload < 0 || *optarg == '\0' || *e != '\0')
 				errx(1, "illegal preload value -- %s", optarg);
@@ -462,9 +470,6 @@ main(argc, argv)
 
 	ident = getpid() & 0xFFFF;
 
-	if ((s = socket(res->ai_family, res->ai_socktype, res->ai_protocol)) < 0)
-	  err(1, "socket");
-
 	hold = 1;
 
 	if (options & F_SO_DEBUG)

usr.sbin/traceroute6/traceroute6.c

@@ -365,6 +365,15 @@ main(argc, argv)
 	static u_char rcvcmsgbuf[CMSG_SPACE(sizeof(struct in6_pktinfo))
 				+ CMSG_SPACE(sizeof(int))];
 
+	/*
+	 * Receive ICMP
+	 */
+	if ((rcvsock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0) {
+		perror("traceroute6: icmp socket");
+		exit(5);
+	}
+	setuid(getuid());
+
 	on = 1;
 	seq = 0;
 
@@ -482,13 +491,6 @@ main(argc, argv)
 	}
 	(void) bzero((char *)outpacket, datalen);
 
-	/*
-	 * Receive ICMP
-	 */
-	if ((rcvsock = socket(AF_INET6, SOCK_RAW, IPPROTO_ICMPV6)) < 0) {
-		perror("traceroute6: icmp socket");
-		exit(5);
-	}
 	/* initialize msghdr for receiving packets */
 	rcviov[0].iov_base = (caddr_t)packet;
 	rcviov[0].iov_len = sizeof(packet);