From owner-freebsd-bugs  Sun Aug 11 00:00:05 1996
Return-Path: owner-bugs
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA17489
          for bugs-outgoing; Sun, 11 Aug 1996 00:00:05 -0700 (PDT)
Received: (from gnats@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id AAA17477;
          Sun, 11 Aug 1996 00:00:02 -0700 (PDT)
Resent-Date: Sun, 11 Aug 1996 00:00:02 -0700 (PDT)
Resent-Message-Id: <199608110700.AAA17477@freefall.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@freefall.FreeBSD.org, max@sfc.wide.ad.jp
Received: from mail.tky007.tth.expo96.ad.jp (tky007.tth.expo96.ad.jp [133.246.32.58])
          by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id XAA17237
          for <FreeBSD-gnats-submit@freebsd.org>; Sat, 10 Aug 1996 23:56:15 -0700 (PDT)
Received: (from masafumi@localhost) by mail.tky007.tth.expo96.ad.jp (8.7.5/3.4W4-SMTP) id PAA01509; Sun, 11 Aug 1996 15:55:49 +0900 (JST)
Message-Id: <199608110655.PAA01509@mail.tky007.tth.expo96.ad.jp>
Date: Sun, 11 Aug 1996 15:55:49 +0900 (JST)
From: max@sfc.wide.ad.jp
Reply-To: max@sfc.wide.ad.jp
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/1489: Non-super-users cannot use traceroute
Sender: owner-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


>Number:         1489
>Category:       bin
>Synopsis:       Non-super-users cannot use traceroute
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Aug 11 00:00:01 PDT 1996
>Last-Modified:
>Originator:     Masafumi NAKANE
>Organization:
>Release:        FreeBSD 2.2-CURRENT i386
>Environment:

	

>Description:

	
	In /usr/src/usr.sbin/traceroute/traceroute.c, setuid(getuid())
is performed before creating a raw socket which is to send out udp
packet, and thus, non-super-user cannot use the command.

>How-To-Repeat:

	
	As non-super-user:
	% traceroute some.host.domain

>Fix:
	
	
	Either create sndsock much earlier in the program (before
setuid(getuid()), or do setuid(getuid()) later in the program.  Since
it seems recent modification to the program was meant to make it more
secure by putting setuid(getuid()) earlier in the program to get rid
of the privilege, I suppose former solution should be taken.  I attach
my quick and dirty hack here, as it might be any use by chance.
     This is a patch to:
Header: /home/ncvs/src/usr.sbin/traceroute/traceroute.c,v 1.6 1996/08/09 06:00:53 fenner Exp

*** traceroute.c.orig	Sat Aug 10 11:08:59 1996
--- traceroute.c	Sun Aug 11 15:28:03 1996
***************
*** 307,312 ****
--- 307,317 ----
  		sockerrno = errno;
  	}
  
+ 	if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
+ 		perror("traceroute: raw socket");
+ 		exit(5);
+ 	}
+ 
  	setuid(getuid());
  
  	oix = optlist;
***************
*** 475,485 ****
  	if (options & SO_DONTROUTE)
  		(void) setsockopt(s, SOL_SOCKET, SO_DONTROUTE,
  				  (char *)&on, sizeof(on));
- 
- 	if ((sndsock = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) < 0) {
- 		perror("traceroute: raw socket");
- 		exit(5);
- 	}
  
  	if (lsrr > 0) {
  	  lsrr++;
--- 480,485 ----
>Audit-Trail:
>Unformatted: